Ubuntu: Two factor authentication for SSH
April 22, 2013
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution between two networked computers. The network that connects the computers is usually insecure.
Install the two factor authentication
Open a terminal session (Ctrl+Alt+T)
wget https://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2
tar -xvf libpam-google-authenticator-1.0-source.tar.bz2
The Google Authenticator source is downloaded and extracted into the current working directory.
To install authenticator:
sudo apt-get install libpam0g-dev
cd libpam-google-authenticator-1.0
make
sudo make install
Now run:
google-authenticator
This will now ask you to configure your authenticator through a series of yes/no (Y/N) questions.
Configure SSH to use the Google Authenticator
Open the pam.d/sshd file:
sudo vim /etc/pam.d/sshd
Add this line to the top of the file:
auth required pam_google_authenticator.so
Save file and exit (Esc + :wq)
Now open the sshd_config file:
sudo vim /etc/ssh/sshd_config
Scroll down the list till you find:
ChallengeResponseAuthentication no
Change it to “yes”
ChallengeResponseAuthentication yes
Save file and exit (Esc + :wq)
Restart the ssh server:
sudo service ssh restart
Setting up new account in your Google Authenticator app
1. Open the Google Authenticator app on your smartphone. Press Menu and select “setup an account”.
2. Press “Enter key provided”.
3. Give your account a name and enter the secret key generated earlier.
Now when you connect via SSH to your remote computer, you will see the request for the verification key.
Note: The two-factor authentication only works for password-based login. If you are already using a public/private key for your SSH session, it will bypass the two-factor authentication and log you in directly.
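To confirm that both edits are in place, the following check (an added example, not part of the original post) reads a PAM file and an sshd_config, reports whether the authenticator line and "ChallengeResponseAuthentication yes" are active, and flags the public-key bypass described in the note above. The function names are hypothetical; it assumes whitespace-separated keywords and only looks at settings before the first Match block.

```shell
#!/bin/sh
# Added example: audit the two files edited in this post. Function names are
# hypothetical; assumes whitespace-separated keywords in both files.

# Print the first global value of an sshd_config keyword. sshd uses the first
# occurrence and keywords are case-insensitive; stop at the first Match block.
sshd_value() {
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Succeed if an uncommented "auth required pam_google_authenticator.so" exists.
pam_has_authenticator() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "auth" && $2 == "required" && $3 == "pam_google_authenticator.so" { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# check_ssh_2fa PAM_FILE SSHD_CONFIG: returns 0 only if both edits are active.
check_ssh_2fa() {
    pam_file=$1; sshd_file=$2; rc=0
    if pam_has_authenticator "$pam_file"; then
        echo "OK   pam: pam_google_authenticator.so is required for auth"
    else
        echo "FAIL pam: no active 'auth required pam_google_authenticator.so' line"
        rc=1
    fi
    cra=$(sshd_value ChallengeResponseAuthentication "$sshd_file")
    if [ "$cra" = "yes" ]; then
        echo "OK   sshd: ChallengeResponseAuthentication yes"
    else
        echo "FAIL sshd: ChallengeResponseAuthentication is '${cra:-unset}'"
        rc=1
    fi
    # Per the note above, key logins skip the code; the sshd default is yes.
    pk=$(sshd_value PubkeyAuthentication "$sshd_file")
    if [ "${pk:-yes}" = "yes" ]; then
        echo "NOTE sshd: PubkeyAuthentication is on; key logins bypass the code"
    fi
    return "$rc"
}

# Run against real or copied files when two paths are given.
if [ "$#" -eq 2 ]; then check_ssh_2fa "$1" "$2"; fi
```

Save it as a script and pass the two paths from this post, /etc/pam.d/sshd and /etc/ssh/sshd_config, as arguments; a non-zero exit status means one of the two edits is missing or commented out.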