SSH is a protocol that allows us to communicate between two computers over the internet (share files, control, or modify remote computers). Its most notable applications are remote login and command-line execution.
Here is the step-by-step process:
- Install Google Authenticator
- Configure MFA in PAM
- Update SSH Configuration
- Test the setup by logging in again using SSH.
The first step was to install the PAM module for Google Authenticator, which enables Time-based One-Time Passwords (TOTP).
sudo apt update && sudo apt install libpam-google-authenticator
google-authenticator
This generated a QR code I scanned using my authenticator app (like Google Authenticator or Authy) to enable MFA.
The second step was to edit /etc/pam.d/sshd and add this line:
auth required pam_google_authenticator
The third step was to update the SSH configuration.
Edit /etc/ssh/sshd_config and set:
ChallengeResponseAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
Restart SSH:
sudo systemctl restart ssh
SSH clients and SSH servers are available for most network operating systems." When you first get acquainted with it, it is most likely presented as a means for accessing a remote server. First of all, that's how it is. However, its capabilities are much wider.
Top comments (0)