We will enable two factor authentication in out ubuntu server. To implement that we are going to use multifactor authentication with Google Authenticator.

Step 1: Install Google Authenticator from following link in your Android device/iPhone/iPad/BlackBerry/Firefox devices


Step 2: Install Google Authenticator in your Ubuntu

fakrul@fakrul-ubuntu ~> sudo apt-get install libpam-google-authenticator

Step 3: Create an Authentication Key

Log in as the user you’ll be logging in with remotely and run the google-authenticator command to create a secret key for that user.

fakrul@fakrul-ubuntu ~> google-authenticator

You will be prompted for some configurations. Scan the QRcode that appears with the Google Authenticator app or you can add the secret key Google Authenticator app.


Save the backup codes listed somewhere safe. They will allow you to regain access if you lose your phone with the Authenticator app.

Next it will ask several question; unless you have a good reason to, the defaults presented are sane. Just enter “y” for them.

Step 4: Activate Google Authenticator

Enable Google Authenticator for SSH logins.

fakrul@fakrul-ubuntu ~> sudo vi /etc/pam.d/sshd
auth required pam_google_authenticator.so

Next, open the /etc/ssh/sshd_config file, locate the ChallengeResponseAuthentication line, and change it to read as follows.

fakrul@fakrul-ubuntu ~> vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

Step 5: Restart ssh to activate the feature

fakrul@fakrul-ubuntu ~> sudo service ssh restart

Please note that it wont’s work if you have public key based authentication is enabled.