Tags

,

We will enable two factor authentication in out ubuntu server. To implement that we are going to use multifactor authentication with Google Authenticator.

Step 1: Install Google Authenticator from following link in your Android device/iPhone/iPad/BlackBerry/Firefox devices

https://support.google.com/accounts/answer/1066447?hl=en

Step 2: Install Google Authenticator in your Ubuntu

fakrul@fakrul-ubuntu ~> sudo apt-get install libpam-google-authenticator

Step 3: Create an Authentication Key

Log in as the user you’ll be logging in with remotely and run the google-authenticator command to create a secret key for that user.

fakrul@fakrul-ubuntu ~> google-authenticator

You will be prompted for some configurations. Scan the QRcode that appears with the Google Authenticator app or you can add the secret key Google Authenticator app.

google_auth

Save the backup codes listed somewhere safe. They will allow you to regain access if you lose your phone with the Authenticator app.

Next it will ask several question; unless you have a good reason to, the defaults presented are sane. Just enter “y” for them.

Step 4: Activate Google Authenticator

Enable Google Authenticator for SSH logins.

fakrul@fakrul-ubuntu ~> sudo vi /etc/pam.d/sshd
auth required pam_google_authenticator.so

Next, open the /etc/ssh/sshd_config file, locate the ChallengeResponseAuthentication line, and change it to read as follows.

fakrul@fakrul-ubuntu ~> vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

Step 5: Restart ssh to activate the feature

fakrul@fakrul-ubuntu ~> sudo service ssh restart

Please note that it wont’s work if you have public key based authentication is enabled.