Configure SSH Google Two factor (2FA) Authentication on CentOS / RHEL
Let's keep this short and clean!
Step 1: Install
sudo yum -y install google-authenticator qrencode
Step 2: Configuring SSH Server
$ sudo vi /etc/pam.d/sshd
auth required pam_google_authenticator.so
$ sudo vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
Step 3: Configuring authentication
In a terminal, type: google-authenticator
This will ask you a series of questions. Here is a recommended configuration:
- Use time-based tokens: yes
- Update the .google_authenticator file: yes
- Disallow multiple uses of the same authentication token: yes
- Increase the original generation time limit: no
- Enable rate-limiting: yes
You’ll be given a secret key, a verification code and emergency scratch codes; the scratch codes are for use if you don’t have access to your phone. Write them down on paper or in a notepad and keep them safe.
Your new secret key is: F298F23FJ230F9JSHXXXXXX
Your verification code is 142XXX
Your emergency scratch codes are:
1345XXXX
6526XXXX
3893XXXX
2457XXXX
6000XXXX
Step 4: Test SSH two factor Authentication
Restart the sshd service on the server:
sudo systemctl restart sshd
The next login will require you to enter the current code from your authenticator app.
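A pre-restart check for the two Step 2 settings, added here as an example and not part of the original post. It reads a single file and does not follow Include directives; the function names and the sample files are constructed for the demonstration. It covers the case where "ChallengeResponseAuthentication yes" is appended below an existing "no" line, which sshd ignores because the first occurrence of a keyword wins.

```shell
#!/usr/bin/env bash
# Added example: verify the two Step 2 settings before restarting sshd.

# Print the effective global value of an sshd_config keyword. sshd uses the
# FIRST occurrence of a keyword, so an appended "yes" loses to an earlier "no".
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
  awk -v key="$1" '
    $1 ~ /^#/ { next }                             # skip comment lines
    tolower($1) == "match" { exit }                # global section ends here
    tolower($1) == tolower(key) { print $2; exit } # first occurrence wins
  ' "$2"
}

# Succeed if an active (uncommented) "auth required pam_google_authenticator.so"
# line exists in the given PAM service file.
pam_has_totp() {  # usage: pam_has_totp FILE
  grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$1"
}

check_2fa() {  # usage: check_2fa SSHD_CONFIG PAM_FILE
  local rc=0 val
  val=$(sshd_effective ChallengeResponseAuthentication "$1")
  if [ "$val" != "yes" ]; then
    echo "FAIL: ChallengeResponseAuthentication is '${val:-unset}' in $1"; rc=1
  fi
  if ! pam_has_totp "$2"; then
    echo "FAIL: no active pam_google_authenticator.so auth line in $2"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: both Step 2 settings are active"; fi
  return "$rc"
}

# Constructed sample files (not real system files), so this runs anywhere.
demo=$(mktemp -d)
printf '%s\n' 'ChallengeResponseAuthentication no' 'UsePAM yes' \
  'ChallengeResponseAuthentication yes' > "$demo/sshd_appended"
printf '%s\n' 'ChallengeResponseAuthentication yes' 'UsePAM yes' > "$demo/sshd_edited"
printf '%s\n' '#%PAM-1.0' 'auth required pam_google_authenticator.so' \
  'auth substack password-auth' > "$demo/pam_sshd"
printf '%s\n' '#%PAM-1.0' '#auth required pam_google_authenticator.so' > "$demo/pam_commented"

check_2fa "$demo/sshd_appended" "$demo/pam_sshd" || true    # FAIL: "no" comes first
check_2fa "$demo/sshd_edited" "$demo/pam_commented" || true # FAIL: PAM line commented
check_2fa "$demo/sshd_edited" "$demo/pam_sshd"              # OK
```

On the server itself, point check_2fa at /etc/ssh/sshd_config and /etc/pam.d/sshd, and run sudo sshd -t to validate the file before the restart. Keep your current SSH session open until a second login with the code succeeds.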
./Cheers