πŸ” : SSH and Authenticator


If you want to secure SSH with Authenticator of more specifically with MFA, then you need to complete some amendments to your server configuration, for this guide I am using CentOS, lets get started....

First you need to install the Google Authentication module with this command:

sudo dnf install google-authenticator

That should look like this:


You then need to run the setup with this command:

google-authenticator

That should look like this, where you will be asked to configure the software:


This will then see the setup process, I would answer "yes" for everything unless you have a reason not to:


Then you need to configure SSH to work with this extension, 

sudo nano /etc/pam.d/sshd

That will look like this:



Then add these lines to the top of that file:

auth required pam_google_authenticator.so nullok
auth required pam_permit.so


Press Ctrl + X and then "y" to save the changes:


Then you need to SSH configuration file with this:

sudo nano /etc/ssh/sshd_config

That will look like this:


You will need to add this to the file:

ChallengeResponseAuthentication yes
AuthenticationMethods publickey,password publickey,keyboard-interactive

That will look like this:


Press Ctrl + X and then "y" to save the changes:


Now you need to restart the SSH service with this:

sudo service sshd restart

That should look like this : 


Then when you login you will require your OTP code from your mobile, sweet!
Previous Post Next Post

Ω†Ω…ΩˆΨ°Ψ¬ Ψ§Ω„Ψ§ΨͺΨ΅Ψ§Ω„