Two-factor Authorization on Linux server
The article describes the installation under Ubuntu. Used by Google app.
You need to install google-authenticator from source, we don’t trust the left PPA? This will require git, build-essential, libpam0g-dev, checkinstall.
')
Everything, everything is prepared for customization.
It is necessary to configure sshd (/ etc / ssh / sshd_config)
Restart sshd (the current session will not be terminated):
To configure the user, you must run google-authenticator from each user. There will be displayed the secret key for the application , as well as a link to the QR code that can be scanned by the application. The application asks for email - it does not affect the OTP, it is solely for your convenience, you can enter user @ host.
Installing dependencies
You need to install google-authenticator from source, we don’t trust the left PPA? This will require git, build-essential, libpam0g-dev, checkinstall.
git clone https://code.google.com/p/google-authenticator/ cd libpam/ make sudo checkinstall -D sudo dpkg -i libpam_20120827-1_i386.deb ')
Everything, everything is prepared for customization.
Customization
# One Time Password echo "auth required pam_google_authenticator.so" >> /etc/pam.d/common-auth # SSH. , public key PAM, OTP . echo "auth required pam_google_authenticator.so" >> /etc/pam.d/sshd # , . auth required pam_google_authenticator.so nullok # OTP It is necessary to configure sshd (/ etc / ssh / sshd_config)
ChallengeResponseAuthentication yes Restart sshd (the current session will not be terminated):
/etc/init.d/ssh restart To configure the user, you must run google-authenticator from each user. There will be displayed the secret key for the application , as well as a link to the QR code that can be scanned by the application. The application asks for email - it does not affect the OTP, it is solely for your convenience, you can enter user @ host.
Source: https://habr.com/ru/post/150271/
All Articles