Diadem Technologies Hosting Knowledgebase

Secure SSH with Google Authenticator Two-Factor Authentication on CentOS

Article ID: 984
Last updated: 01 May, 2018

Two-Factor Authentication on CentOS for root user

Server level activities

1. Install the open source Google Authenticator PAM module
# yum install google-authenticator

2. Run the setup tool to get the secret key and verification code
# google-authenticator

3. Edit the PAM configuration for sshd and add the auth line below.
# vim /etc/pam.d/sshd
auth required pam_google_authenticator.so

4. Edit the SSH configuration, set the option below, then restart sshd.
# vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
# service sshd restart

Client level activities

Manually add an account on Google Authenticator for SSH:
Scan the barcode with the Google Authenticator app, or add the account manually using the account name and the secret key obtained at setup time (step 2).
Barcode: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@store.XXX.com%3Fsecret%3DJBN

Enter your account name: root@store.XXX.com
Your new secret key is: HBA********************JIW

Install and Configure an OTP smartphone app

Please download the Google Authenticator app on your smartphone to generate the verification code.
App link for Android phones: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Note: Clear the Google Authenticator application's cache every 30 days for it to work properly.

Now, when a user tries to log in as root through PuTTY or SSH, they need to provide the verification code before the root password.

Ref: https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/

Two-Factor Authentication on CentOS for normal user

1. Log in as the root user.
Username: root@diadem.in
Password: **********
Port NO: 2243

2. Then create the user.
# useradd naveen
# passwd naveen

3. Now switch to that user to get the verification code for that specific user.
# sudo su - naveen

4. Run the setup tool to get the verification code for that specific user.
$ google-authenticator

5. The user can now log in to the server's shell prompt using Two-Factor Authentication.
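
The script below is an added example, not part of the original article: it confirms that the PAM and sshd settings from the server-level steps are active and lists accounts that have not yet run google-authenticator. It assumes the module's default secret file location, ~/.google_authenticator; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article): audit the settings from
# steps 3 and 4 and list users who have not run google-authenticator yet.

# Value of the first active occurrence of an sshd_config keyword. sshd keeps
# the first value it reads and keywords are case-insensitive; commented
# lines and anything inside a Match block are ignored.
sshd_value() {  # $1=keyword  $2=sshd_config path
    awk -v k="$1" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# Succeeds if an uncommented auth line loads pam_google_authenticator.so.
pam_has_totp() {  # $1=PAM service file
    awk '$1 == "auth" && /pam_google_authenticator\.so/ { ok = 1 }
         END { exit !ok }' "$1"
}

# Users whose login shell ends in "sh" but who have no secret file.
# Assumes the default secret location ~/.google_authenticator.
unenrolled_users() {  # $1=passwd-format file
    awk -F: '$7 ~ /sh$/ { print $1 ":" $6 }' "$1" |
    while IFS=: read -r user home; do
        [ -f "$home/.google_authenticator" ] || echo "$user"
    done
}

check_2fa() {  # $1=PAM file  $2=sshd_config  $3=passwd file
    rc=0
    pam_has_totp "$1" ||
        { echo "FAIL: no active pam_google_authenticator.so auth line in $1"; rc=1; }
    [ "$(sshd_value ChallengeResponseAuthentication "$2")" = "yes" ] ||
        { echo "FAIL: ChallengeResponseAuthentication is not 'yes' in $2"; rc=1; }
    # Without the nullok option, the "required" module rejects these users.
    for u in $(unenrolled_users "$3"); do
        echo "WARN: $u has no secret file and will fail the verification step"
    done
    return "$rc"
}

# Run against the live files only when asked to, e.g.:
#   ./check_2fa.sh /etc/pam.d/sshd /etc/ssh/sshd_config /etc/passwd
if [ "$#" -eq 3 ]; then check_2fa "$@"; fi
```

Run it as root (home directories are usually not readable by other users) and keep the current SSH session open until a second login succeeds.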

Revision: 18