setup_2fa_with_google_authenticator_for_ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
setup_2fa_with_google_authenticator_for_ssh [06.08.2021 20:22] Pascal Sutersetup_2fa_with_google_authenticator_for_ssh [16.12.2022 09:43] (current) Pascal Suter
Line 24: Line 24:
 now if you use ssh key authentication you won't be asked for your second factor anymore. if you don't like that, you can do the following to force a three factor authentication, where you need to have an authorized private key + password + google authenticator code:  now if you use ssh key authentication you won't be asked for your second factor anymore. if you don't like that, you can do the following to force a three factor authentication, where you need to have an authorized private key + password + google authenticator code: 
  
-edit ''/etc/pam.d/sshd'' and change the google authenticator line from ''required'' to ''sufficient'':  +make sure these options are sett as follows in your ''/etc/ssh/sshd_conf'' file: 
-  auth sufficient pam_google_authenticator.so +
- +
-now make sure these options are sett as follows in your ''/etc/ssh/sshd_conf'' file: +
 <code> <code>
 ChallengeResponseAuthentication yes ChallengeResponseAuthentication yes
 UsePAM yes UsePAM yes
-AuthenticationMethods publickey,keyboard-interactive+AuthenticationMethods publickey,password publickey,keyboard-interactive
 PasswordAuthentication no PasswordAuthentication no
 </code> </code>
  • setup_2fa_with_google_authenticator_for_ssh.1628274170.txt.gz
  • Last modified: 06.08.2021 20:22
  • by Pascal Suter