sudo yum install make gcc pam-devel
TOTP (time-based one-time password) security tokens are time sensitive, so make sure that your system has ntpd running and that the service is configured to start at boot:
sudo yum install ntp
sudo service ntpd start
sudo yum install epel-release
sudo yum install google-authenticator
sh automated_google_authenticator.sh #script is present on https://gist.github.com/vikas17a/57fab41584a75530e1a4
You will get the URL of a QR code and a verification code; open the URL and scan the QR code with the Google Authenticator application.
- In /etc/pam.d/sshd add the following lines at the top
- auth sufficient pam_access.so accessfile=/etc/security/access-local.conf
- auth required pam_google_authenticator.so
- Comment out this line: auth include password-auth
- In /etc/ssh/sshd_config change the following configuration
- UsePAM yes
- PubkeyAuthentication yes
- RequiredAuthentications2 publickey,keyboard-interactive
- ChallengeResponseAuthentication yes
- Append the following configuration at the bottom of sshd_config
Match Group deploy
RequiredAuthentications2 publickey
sudo service sshd restart
To use the same authenticator verification code for another user on the same machine or on a different machine:
- Copy .google_authenticator from the home directory of user1 to the home directory of user2 (user2 will use the same verification codes as user1, because both accounts now share one secret)
- Change the owner of .google_authenticator in the home directory of user2
- Use
chown -R user2:user2 .google_authenticator
- Make .google_authenticator read-only for user2 with
chmod 400 .google_authenticator
- Now you can log in as user2 using the same authentication code generator that user1 uses