I am running SSH on Ubuntu and publish this service on my firewall so that I can remotely login. I used fail2ban to block IP address that is trying to brute-force his way in to my SSH server. I also setup notification so that I get email notification whenever someone is either successful login or not.
I think I need more than that, so today decided to dual-factor my SSH entrance :)
Running Ubuntu, I just need to run:
sudo apt-get install libpam-google-authenticator
This will install the lib for google authenticator
Then login to to system as the user who I want to be dual-factor authenticated, I run:
google-authenticator
this will prompt me a lot of question and I answered accordingly.
this also give me a QR code that I can add to my Google Authenticator apps.
Next is to edit /etc/pam.d/sshd and add the following line:
auth required pam_google_authenticator.so
Next is to edit /etc/ssh/sshd_config, and find the following line and change it:
ChallengeResponseAuthentication yes
Next is to restart the SSH service:
sudo service ssh restart
Then test it!!
No comments:
Post a Comment