Secure SSH with Google Authenticator Two-Factor Authentication on CentOS

Two-Factor Authentication on CentOS for root user

Server level activities

1. Install the open source Google Authenticator PAM module
# yum install google-authenticator

2. To get the verification code
# google-authenticator

   
3. We need to make changes to the PAM configuration.
# vim /etc/pam.d/sshd
auth required pam_google_authenticator.so

   
4. Now we need to make changes to the SSH configuration.
# vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
   
# service sshd restart

Client level activities

Manually add an account on Google Authenticator for SSH:
We need to scan the Barcode from google authenticator app or we can add it manually using account name and security key getting at setup time (step 02).
Barcode: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/[email protected]%3Fsecret%3DJBN

OR
Enter your account name: [email protected]
Your new secret key is: HBA********************JIW 

Install and Configure an OTP smartphone app

Please download the Google Authenticator apps on your smart phone to generate the verification code.
Apps Link for android phone: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Note: Clear Google Authenticator application's cache every 30 days to work it properly.

Now when user will try to login the root access through putty or SSH they need to provide the validation code before the root password .

 
Reff: https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/

Two-Factor Authentication on CentOS for mornal user

1. Login to the root user.
Username: [email protected]
Password: **********
Port NO: 2243

2. Then create the user.
# useradd naveen
# passwd naveen

3. Now login to the user to get the verification code for that specific user.
# sudo su - naveen

4. To get the verification code for that specific user.
$ google-authenticator

5. Now user can login to server's shell prompt as below given screenshot using Two-Factor Authentication.