Diadem Web Hosting Knowledgebase
Search:     Advanced search

Secure SSH with Google Authenticator Two-Factor Authentication on CentOS

Article ID: 984
Last updated: 01 May, 2018
Add comment
Views: 359
Comments: 0

Two-Factor Authentication on CentOS for root user

Server level activities

1. Install the open source Google Authenticator PAM module
# yum install google-authenticator

2. To get the verification code
# google-authenticator

   
3. We need to make changes to the PAM configuration.
# vim /etc/pam.d/sshd
auth required pam_google_authenticator.so

   
4. Now we need to make changes to the SSH configuration.
# vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
   
# service sshd restart


Client level activities

Manually add an account on Google Authenticator for SSH:
We need to scan the Barcode from google authenticator app or we can add it manually using account name and security key getting at setup time (step 02).
Barcode: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@store.XXX.com%3Fsecret%3DJBN

OR
Enter your account name: root@store.XXX.com
Your new secret key is: HBA********************JIW
 

Install and Configure an OTP smartphone app

Please download the Google Authenticator apps on your smart phone to generate the verification code.
Apps Link for android phone: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Note: Clear Google Authenticator application's cache every 30 days to work it properly.

Now when user will try to login the root access through putty or SSH they need to provide the validation code before the root password .

 
Reff: https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/


Two-Factor Authentication on CentOS for mornal user

1. Login to the root user.
Username: root@diadem.in
Password: **********
Port NO: 2243

2. Then create the user.
# useradd naveen
# passwd naveen


3. Now login to the user to get the verification code for that specific user.
# sudo su - naveen

4. To get the verification code
for that specific user.
$ google-authenticator

   

5. Now user can login to server's shell prompt as below given screenshot using Two-Factor Authentication.

This article was:  
Add comment
Prev   Next
How to create hosting in Cent OS web control panel     Configure Manul antimalware for web content scanning