2FA setup for Ubuntu

STEP 1: HAVE AN AUTHENTICATOR APP ON YOUR PHONE


Installing and configuring required packages

apt-get install libpam-google-authenticator

Configuring PAM SSH module

vim /etc/pam.d/sshd

ADD TO TOP (after @include common-auth):

auth required pam_google_authenticator.so

Configuring SSH Service

vim /etc/ssh/sshd_config

CHANGE:

ChallengeResponseAuthentication yes

ADD (if you want public key ONLY as the first step, followed by the keyboard-interactive prompt):

AuthenticationMethods publickey,keyboard-interactive

RESTART SSH:

systemctl restart sshd.service
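
To confirm the two edits above do what is intended, here is an added example (not part of the original guide) that checks a PAM file and an sshd_config for the settings described. The function names and the sample files are assumptions made for illustration; on a real host pass /etc/ssh/sshd_config and /etc/pam.d/sshd.

```shell
# Added example (not from the original guide); function names are illustrative.
# First global value of keyword $1 in sshd_config-style file $2. Keywords are
# case-insensitive, the first occurrence wins, and anything after a "Match"
# line is conditional, so scanning stops there.
sshd_value() {
    awk -v key="$1" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# True if the PAM file has an uncommented "auth required pam_google_authenticator.so".
pam_has_otp() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$1"
}

# check_2fa_config SSHD_CONFIG PAM_SSHD: prints findings, returns 0 only if clean.
check_2fa_config() {
    fails=0
    pam_has_otp "$2" || { echo "FAIL: OTP module not required in $2"; fails=$((fails + 1)); }
    kbd=$(sshd_value ChallengeResponseAuthentication "$1")
    # OpenSSH 8.7+ names this KbdInteractiveAuthentication (old name is an alias).
    [ -n "$kbd" ] || kbd=$(sshd_value KbdInteractiveAuthentication "$1")
    [ "$kbd" = "yes" ] || { echo "FAIL: keyboard-interactive not enabled"; fails=$((fails + 1)); }

    methods=$(sshd_value AuthenticationMethods "$1")
    if [ -z "$methods" ]; then
        # Default is "any": a successful public-key login never reaches PAM auth.
        [ "$(sshd_value PubkeyAuthentication "$1")" = "no" ] ||
            { echo "FAIL: AuthenticationMethods unset, key logins skip the OTP"; fails=$((fails + 1)); }
    else
        for list in $methods; do   # each whitespace-separated list is an alternative
            case $list in
                *keyboard-interactive*) ;;
                *) echo "FAIL: '$list' completes without the OTP"; fails=$((fails + 1)) ;;
            esac
        done
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample files (not from a real host).
demo=$(mktemp -d)
printf '%s\n' '@include common-auth' 'auth required pam_google_authenticator.so' > "$demo/pam_sshd"
printf '%s\n' 'ChallengeResponseAuthentication yes' \
    'AuthenticationMethods publickey,keyboard-interactive' > "$demo/sshd_good"
printf '%s\n' 'ChallengeResponseAuthentication yes' > "$demo/sshd_nomethods"
check_2fa_config "$demo/sshd_good" "$demo/pam_sshd" && echo "sshd_good: OK"
check_2fa_config "$demo/sshd_nomethods" "$demo/pam_sshd" || echo "sshd_nomethods: findings above"
```

The check reads only the two files given to it, so settings pulled in through Include directives or Match blocks still need a manual look.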

Running the Google Authenticator

Run to create the OTP secret, answering the prompts as shown:

google-authenticator
Make tokens "time-based": yes
Update the .google_authenticator file: yes
Disallow multiple uses: yes
Increase the original generation time limit: no
Enable rate-limiting: yes