Wednesday, August 26, 2015

Google Authenticator for Ubuntu

I am running SSH on Ubuntu and publish this service on my firewall so that I can remotely login. I used fail2ban to block IP address that is trying to brute-force his way in to my SSH server. I also setup notification so that I get email notification whenever someone is either successful login or not.

I think I need more than that, so today decided to dual-factor my SSH entrance :)

Running Ubuntu, I just need to run:

sudo apt-get install libpam-google-authenticator

This will install the lib for google authenticator
Then login to to system as the user who I want to be dual-factor authenticated, I run:

google-authenticator

this will prompt me a lot of question and I answered accordingly.
this also give me a QR code that I can add to my Google Authenticator apps.

Next is to edit /etc/pam.d/sshd and add the following line:

auth required pam_google_authenticator.so

Next is to edit /etc/ssh/sshd_config, and find the following line and change it:

ChallengeResponseAuthentication yes

Next is to restart the SSH service:

sudo service ssh restart

Then test it!!