Diadem Web Hosting Knowledgebase
Search:     Advanced search

Secure SSH with Google Authenticator Two-Factor Authentication on CentOS

Article ID: 984
Last updated: 05 Dec, 2017
Add comment
Views: 191
Comments: 0

Server level activities

1. Install the open source Google Authenticator PAM module
# yum install google-authenticator

2. To get the verification code
# google-authenticator

3. We need to make changes to the PAM configuration.
# vim /etc/pam.d/sshd
auth required pam_google_authenticator.so

4. Now we need to make changes to the SSH configuration.
# vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
# service sshd restart

Client level activities

Manually add an account on Google Authenticator for SSH:
We need to scan the Barcode from google authenticator app or we can add it manually using account name and security key getting at setup time (step 02).
Barcode: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@store.XXX.com%3Fsecret%3DJBN

Enter your account name: root@store.XXX.com
Your new secret key is: HBA********************JIW

Install and Configure an OTP smartphone app

Please download the Google Authenticator apps on your smart phone to generate the verification code.
Apps Link for android phone: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Note: Clear Google Authenticator application's cache every 30 days to work it properly.

Now when user will try to login the root access through putty or SSH they need to provide the validation code before the root password .

Reff: https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/

This article was:  
Add comment
Prev   Next
Linux Hosting     Configure Manul antimalware for web content scanning