We will enable two factor authentication in out ubuntu server. To implement that we are going to use multifactor authentication with Google Authenticator.
Step 1: Install Google Authenticator from following link in your Android device/iPhone/iPad/BlackBerry/Firefox devices
Step 2: Install Google Authenticator in your Ubuntu
fakrul@fakrul-ubuntu ~> sudo apt-get install libpam-google-authenticator
Step 3: Create an Authentication Key
Log in as the user you’ll be logging in with remotely and run the google-authenticator command to create a secret key for that user.
fakrul@fakrul-ubuntu ~> google-authenticator
You will be prompted for some configurations. Scan the QRcode that appears with the Google Authenticator app or you can add the secret key Google Authenticator app.
Save the backup codes listed somewhere safe. They will allow you to regain access if you lose your phone with the Authenticator app.
Next it will ask several question; unless you have a good reason to, the defaults presented are sane. Just enter “y” for them.
Step 4: Activate Google Authenticator
Enable Google Authenticator for SSH logins.
fakrul@fakrul-ubuntu ~> sudo vi /etc/pam.d/sshd auth required pam_google_authenticator.so
Next, open the /etc/ssh/sshd_config file, locate the ChallengeResponseAuthentication line, and change it to read as follows.
fakrul@fakrul-ubuntu ~> vi /etc/ssh/sshd_config ChallengeResponseAuthentication yes
Step 5: Restart ssh to activate the feature
fakrul@fakrul-ubuntu ~> sudo service ssh restart
Please note that it wont’s work if you have public key based authentication is enabled.