Multi Factor Authentication with SSH

From Coolscript

Revision as of 11:53, 23 December 2020 by Admin (talk | contribs) (→‎Default Setup)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

This is howto setup MFA using the Google Authenticator.

Installation

Only one package is required to install:

apt install libpam-google-authenticator

Default Setup

Configuration /etc/pam.d/sshd

Put the following sting underneath of @include common-auth

auth required pam_google_authenticator.so

Configuration /etc/ssh/sshd_config

LogLevel DEBUG3
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes

NOTE that this setup will allow users to bypass the MFA setup when using public keys

Retrieved from "https://coolscript.org/index.php?title=Multi_Factor_Authentication_with_SSH&oldid=240"