setup_2fa_with_google_authenticator_for_ssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
setup_2fa_with_google_authenticator_for_ssh [22.07.2021 22:43] – created Pascal Sutersetup_2fa_with_google_authenticator_for_ssh [16.12.2022 09:43] (current) Pascal Suter
Line 20: Line 20:
  
 Users that haven't configured google authenticator yet won't be able to login anymore until they have done the google authenticator config.  Users that haven't configured google authenticator yet won't be able to login anymore until they have done the google authenticator config. 
 +
 +===== ssh key authentication =====
 +now if you use ssh key authentication you won't be asked for your second factor anymore. if you don't like that, you can do the following to force a three factor authentication, where you need to have an authorized private key + password + google authenticator code: 
 +
 +make sure these options are sett as follows in your ''/etc/ssh/sshd_conf'' file: 
 +<code>
 +ChallengeResponseAuthentication yes
 +UsePAM yes
 +AuthenticationMethods publickey,password publickey,keyboard-interactive
 +PasswordAuthentication no
 +</code>
 +
 +restart sshd, and **don't logout** form your working session, try in a new window to connect via ssh to verify everything is working.. if not, you still have your active session to intervene and fix it :) 
  
  
  • setup_2fa_with_google_authenticator_for_ssh.txt
  • Last modified: 16.12.2022 09:43
  • by Pascal Suter