Two-factor authentication (2FA) is an additional layer of security that you can use on your Ubuntu. It is an OTP base configured in the mobile device.
The google 2FA authentication is available on mobile phones. This app allows you to receive a code on mobile after entering your website.
Nowadays all MNC and Corporate company in must be required 2FA for security purposes. it provides an extra security layer.
Prerequisites
- The non-root user with sudo privileges
- The public or private IP address of your server
- A phone running Android or Apple iOs
Step by Step Installation
First, update Ubuntu package repository information:
$ sudo apt-get update
Install the Google Authenticator PAM module
$ sudo apt-get install libpam-google-authenticator
Generate TOTP for a user
The Google PAM is installed in the system. we need to generate a TOTP. You should be all users that want to enable 2FA on their account.
Loggin with the user that you want to generate TOTP for, run the helper Google PAM application below
$ google-authenticator
Do you want authentication tokens to be time-based (y/n) Y
In the next step, you will show the QR code that you can scan with the Google Authenticator app. If you don’t want to scan the QR code,
you can enter the secret key displayed here manually on the Google Authenticator app on your phone.
Scan the QR code on the mobile device. After the ubuntu machine Yes click on the all option.
Enable PAM On SSH
We will have two configured SSH to allow users to log in using 2FA.
Open the
$ sudo nano /etc/pam.d/sshd
Add the line ‘auth required pam_google_authenticator.so’ line at the bottom of the file.
auth required pam_google_authenticator.so
Also the ssh configuration file in add
$ sudo nano /etc/ssh/sshd_config
Add this line in the ssh conf file
ChallengeResponseAuthentication yes
After restarting ssh services
$ sudo systemctl restart sshd.service
0 Comments