hosting image

Configure SSH Google Two factor (2FA) Authentication on CentOS / RHEL

Lets make short and clean !

Step 1: Install

sudo yum -y install google-authenticator qrencode

Step 2: Configuring SSH Server

$ sudo vi /etc/pam.d/sshd 
auth required

$ sudo /etc/ssh/sshd_config

ChallengeResponseAuthentication yes

Step 3: Configuring authentication

in terminal type :  google-authenticator

This will ask you a series of questions, here is a recommended configuration:

  • Use “time-based” time-based tokens: yes
  • Update the .google_authenticator file: yes
  • Disallow multiple uses of the same authentication token: yes
  • Increase the original generation time limit: no
  • Enable rate-limiting: yes

You’ll be given secret key, verification code and emergency scratch codes to be used if you don’t have access to your phone. Write them down on paper or notepad and keep them safe.

Your new secret key is: F298F23FJ230F9JSHXXXXXX
Your verification code is 142XXX
Your emergency scratch codes are:


Step 4: Test SSH two factor Authentication

Restart sshd service on the server

sudo systemctl restart sshd

Next login will require you to pass given code in Auth App 


Leave a Reply

Your email address will not be published. Required fields are marked *