Skip to content

Instantly share code, notes, and snippets.

@jeffgeiger

jeffgeiger/SSH_2FA_Google.md

Last active March 13, 2018 03:40
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jeffgeiger/6239a6074de3a419437ecb5df23c6f72 to your computer and use it in GitHub Desktop.
Save jeffgeiger/6239a6074de3a419437ecb5df23c6f72 to your computer and use it in GitHub Desktop.
Download ZIP
Quick and dirty setup guide for Google Auth 2FA on CentOS7
Raw
SSH_2FA_Google.md 
## Build RPM as per https://github.com/google/google-authenticator-libpam/blob/master/contrib/README.rpm.md
# Do this elsewhere, you don't want dev tools on a box you're trying to secure.  ;) 
# Also note, the repo has moved, so you need to adjust the git path:
# https://github.com/google/google-authenticator-libpam

sudo yum install epel-release -y
sudo yum install qrencode qrencode-devel qrencode-libs
sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
google-authenticator  #per-user setup
sudo vim /etc/pam.d/sshd
# Add (top item)
# ---
auth       sufficient   pam_google_authenticator.so
# ---

sudo vim /etc/ssh/sshd_config
# Modify /etc/ssh/sshd_config  (Add/change the following)
# ---
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication no
# ---

systemctl restart sshd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment