[Howto] setup two way authentication to ssh

#1

Installing Google Authenticator

sudo apt-get install libpam-google-authenticator
google-authenticator

Create an Authentication Key

Log in as the user you’ll be logging in with remotely and run the google-authenticator command to create a secret key for that user.

Allow the command to update your Google Authenticator file by typing y. You’ll then be prompted with several questions that will allow you to restrict uses of the same temporary security token, increase the time window that tokens can be used for, and limit allowed acces attempts to hinder brute-force cracking attempts. These choices all trade some security for some ease-of-use.

Google Authenticator will present you with a secret key and several “emergency scratch codes.” Write down the emergency scratch codes somewhere safe – they can only be used one time each, and they’re intended for use if you lose your phone.

##Activate Google Authenticator
Next you’ll have to require Google Authenticator for SSH logins. To do so, open the /etc/pam.d/sshd file on your system (for example, with the sudo nano /etc/pam.d/sshd command) and add the following line to the file:

sudo nano /etc/pam.d/sshd
auth required pam_google_authenticator.so

Next, open the /etc/ssh/sshd_config file, locate the ChallengeResponseAuthentication line, and change it to read as follows:

sudo nano /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

(If the ChallengeResponseAuthentication line doesn’t already exist, add the above line to the file.)

Finally, restart the SSH server so your changes will take effect:

sudo service ssh restart

for good two way authentication apps for phones, computers, first you got the official google app that is also good for your google account to secure your mail etc.

https://www.google.com/landing/2step/

i use authy since it can handle more then just google

https://www.authy.com/

but in the end its all the same cause then you can use shitty password cause if you have the authentication setup and its connected to your devices it makes it so much harder to hack.

so that’s my little security tutorial for securing the ssh hope this helps someone here on the forum.

5 Likes

Random password changes