SSH to your Linux Server using Google Authenticator app

Updated: Aug 21

In this section, we will learn how to secure your ssh connection with MFA using Google authenticator app.

Before we start go ahead and download the google authenticator app to your mobile device.

After you successfully downloaded and install the google authenticator app on your mobile device go to your Linux server and install the google-authenticator PAM module by typing this command:

swarm@swarm3:~$ sudo apt install libpam-google-authenticator
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libpam-google-authenticator is already the newest version (20191231-2).
0 upgraded, 0 newly installed, 0 to remove and 75 not upgraded

  

After the installation complete type following command:

swarm@swarm3:~$ google-authenticator

 
  1. Follow the instructions and scan the bar-code by your google authenticator mobile app

  2. You can type yes for every question that you encounter during the process of setting up the Google authentication app

  3. After completion save the emergency scratch codes in a secure location, you will need it in case you lose your phone

  4. You can do this process for every user on your Linux server.

 

Now we will need to enable “ChallengeResponseAuthentication” in the ssh config file.

swarm@swarm3:~$ sudo vi /etc/ssh/sshd_config

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes

 

Don’t forget to save the file by pressing :qw

 

Restart the SSH service:

swarm@swarm3:~$ sudo systemctl restart ssh

 
 

The final step is to add the google authentication module to the PAM ssh config file:

swarm@swarm3:~$ sudo vi /etc/pam.d/sshd
 

Add this line to the end of the config file and save the file:

auth required pam_google_authenticator.so
 
 

That’s it, now you can ssh to your server using google authentication

Verfication code: Enter the code that presented in your google authenticator app in your mobile device.

#Devops #Linux

10 views0 comments