Two-Factor Authentication for SSH Login on Linux

This tutorial explains the process of setting up two-factor authentication for an SSH server by integrating Google Authenticator with OpenSSH.

The first step is to install Google Authenticator on your Linux host. You can accomplish this by executing the following command: sudo apt-get install google-authenticator Configure Google Authenticator Once the installation is complete, you can set up Google Authenticator by running this command: google-authenticator During this process, you will be prompted to enter a secret key. Be sure to make a note of this key, as you will need it later. Configure OpenSSH To enable OpenSSH to work with Google Authenticator, you need to create a new file in the /etc/pam.d directory. You can do this by executing the following command: sudo nano /etc/pam.d/sshd Next, add the following line to the end of the file: auth required pam_google_authenticator.so Finally, save and close the file.

Next, restart the SSH server by executing the following command: sudo service ssh restart Use Google Authenticator To utilize Google Authenticator, you must generate a one-time passcode on your Android device. To do this, open the Google Authenticator app and scan the QR code that was created during the setup process. After generating the one-time passcode, enter it on your Linux host to successfully log in to your SSH server. Summary: This tutorial explains how to set up two-factor authentication for an SSH server by integrating Google Authenticator with OpenSSH.