Secure SSH with Google Authenticator Two-Factor Authentication on CentOS

Two-Factor Authentication on CentOS for root user

Server level activities

1. Install the open source Google Authenticator PAM module
# yum install google-authenticator

2. Run google-authenticator to generate the secret key and the verification code
# google-authenticator

   
3. Edit the PAM configuration for sshd and add the following line.
# vim /etc/pam.d/sshd
auth required pam_google_authenticator.so

   
4. Edit the SSH daemon configuration, set the following option, then restart sshd.
# vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
   

# service sshd restart
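
A check of the two edits from steps 3 and 4, added here as an example (it is not part of the original article). The function names and the sample files are constructed for illustration, and it assumes plain "Keyword value" lines in sshd_config.

```shell
#!/bin/sh
# Added example: audits the two edits from steps 3 and 4.
# Function names and the sample files at the bottom are constructed.

# Print the first global value sshd_config gives for a keyword. sshd keeps the
# FIRST value it reads and keywords are case-insensitive, so a "yes" appended
# below an earlier "no" changes nothing. Assumes "Keyword value" lines.
sshd_effective() {  # usage: sshd_effective <keyword> <sshd_config>
    awk -v kw="$1" '
        $1 ~ /^#/ { next }                  # comment line
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$2"
}

# Succeed only if the PAM file has an active (uncommented) line for the module.
pam_has_google_auth() {  # usage: pam_has_google_auth <pam_file>
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so([[:space:]]|$)' "$1"
}

check_2fa_config() {  # usage: check_2fa_config <pam_file> <sshd_config>
    c2_rc=0
    if ! pam_has_google_auth "$1"; then
        echo "FAIL: no active 'auth required pam_google_authenticator.so' in $1"
        c2_rc=1
    fi
    c2_val=$(sshd_effective ChallengeResponseAuthentication "$2")
    if [ "$c2_val" != "yes" ]; then
        echo "FAIL: first ChallengeResponseAuthentication in $2 is '${c2_val:-unset}', expected 'yes'"
        c2_rc=1
    fi
    if [ "$c2_rc" -eq 0 ]; then echo "OK: steps 3 and 4 are in effect"; fi
    return "$c2_rc"
}

# Constructed sample: an existing "no" followed by an appended "yes".
demo=$(mktemp -d)
printf 'auth required pam_google_authenticator.so\n' > "$demo/pam_sshd"
printf 'ChallengeResponseAuthentication no\nChallengeResponseAuthentication yes\n' > "$demo/sshd_config"
check_2fa_config "$demo/pam_sshd" "$demo/sshd_config" || echo "(sample is misconfigured on purpose)"
rm -rf "$demo"
```

On the server, call check_2fa_config /etc/pam.d/sshd /etc/ssh/sshd_config, and keep the current root session open until a second login has succeeded.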


Client level activities

Add an account in Google Authenticator for SSH:
Scan the barcode with the Google Authenticator app, or add the account manually using the account name and the secret key shown at setup time (step 2).
Barcode: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@store.XXX.com%3Fsecret%3DJBN

OR
Enter your account name: root@store.XXX.com
Your new secret key is: HBA********************JIW
 

Install and Configure an OTP smartphone app

Download the Google Authenticator app on your smartphone to generate the verification code.
App link for Android phones: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Note: Clear the Google Authenticator application's cache every 30 days so that it works properly.
 

Now, when a user tries to log in as root through PuTTY or SSH, they need to provide the validation code before the root password.

 
Ref: https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/


Two-Factor Authentication on CentOS for normal user

1. Log in as the root user.
Username: root@diadem.in
Password: **********
Port NO: 2243

2. Then create the user.
# useradd naveen
# passwd naveen


3. Now switch to that user to get the verification code for that specific user.
# sudo su - naveen

4. Run google-authenticator as that user to get the verification code for that specific user.

$ google-authenticator

   

5. The user can now log in to the server's shell prompt using Two-Factor Authentication, as shown in the screenshot below.


