SSH Two-Factor Authentication

Hi Folks!

Proliferation of the Internet changes our life that almost anything demands for the Internet. Our personal information, bank accounts, Company’ secrets etc.. So, how we protect our computer systems from intruders ? As you know most common method is password authentication. But People are so inclined to use short passwords. Brute-Force methods prevails it. So, We need additional authentication information beside password. One of them is Two-Factor authentication. And it has different kind of versions. In this post we will use OTP which generates code from  time-synchronization. So Time accuracy is important. To do so, my host pulls time from reliable NTP servers.

Install necessary Packages.

You  have to be root user to  install necessary packages.

#yum install google-authenticator

Run google-authenticator

Now, You can switch your normal account. And run google-authenticator command on a shell. It will ask you a couple of questions. You can see the picture. (Figure-1)

                                                            Figure-1 It creates a QR code

                                      Figure-2 It asks a couple of options to configure

Install Google Authenticatior on Your Android Phone

You also need to install Google Authenticator Application on your Android phone. Run the application and scan the QR code that we have already created it by running google-authenticator command on the shell.(Figure-1)

Figure-3 Google Authenticatior Android Application

Configuration of google-authenticator for SSH.

We will use two-factor authentication for SSH protocol. So we need to add google-authenticator pam module. Add the line below top of the sshd file on the path /etc/pam.d

auth required pam_google_authenticator.so

Configure sshd_config File

Edit your sshd_config file on the path /etc/ssh and change one option from “ChallengeResponseAuthentication no” to “ChallengeResponseAuthentication yes”

ChallengeResponseAuthentication yes

Restart SSH service

systemctl restart sshd.service

Test Time!

Now try to login to the host that you configured for Two-Factor authentication. You can see that I also need a verification code.

      Figure-3 It asks me verification code beside password.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.