Proliferation of the Internet changes our life that almost anything demands for the Internet. Our personal information, bank accounts, Company’ secrets etc.. So, how we protect our computer systems from intruders ? As you know most common method is password authentication. But People are so inclined to use short passwords. Brute-Force methods prevails it. So, We need additional authentication information beside password. One of them is Two-Factor authentication. And it has different kind of versions. In this post we will use OTP which generates code from time-synchronization. So Time accuracy is important. To do so, my host pulls time from reliable NTP servers.
Install necessary Packages.
You have to be root user to install necessary packages.
#yum install google-authenticator
Now, You can switch your normal account. And run google-authenticator command on a shell. It will ask you a couple of questions. You can see the picture. (Figure-1)
Install Google Authenticatior on Your Android Phone
You also need to install Google Authenticator Application on your Android phone. Run the application and scan the QR code that we have already created it by running google-authenticator command on the shell.(Figure-1)
Configuration of google-authenticator for SSH.
We will use two-factor authentication for SSH protocol. So we need to add google-authenticator pam module. Add the line below top of the sshd file on the path /etc/pam.d
auth required pam_google_authenticator.so
Configure sshd_config File
Edit your sshd_config file on the path /etc/ssh and change one option from “ChallengeResponseAuthentication no” to “ChallengeResponseAuthentication yes”
Restart SSH service
systemctl restart sshd.service
Now try to login to the host that you configured for Two-Factor authentication. You can see that I also need a verification code.