Difference between revisions of "Google-authenticator"
From Notes_Wiki
Latest revision as of 16:01, 24 March 2022
We can use google-authenticator to set up two-factor authentication on Linux systems. To set up authentication, follow these steps:
- Download latest version using 'git clone https://code.google.com/p/google-authenticator' or from http://code.google.com/p/google-authenticator/downloads/list
- Compile using 'make' and install using 'make install'
- Additionally copy file pam_google_authenticator.so to /lib/security using 'cp pam_google_authenticator.so /lib/security'
- Add line ' auth required pam_google_authenticator.so' at the top of file '/etc/pam.d/sshd'
- Use 'yum -y install qrencode'
- Type 'google-authenticator' as the user for whom you want to set up two-factor authentication and scan the QR code using the Google Authenticator Android app. The Android app can be installed from https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
- Ensure that SELinux is either disabled or that proper labels are set on the PAM module binaries that got installed.
- Edit '/etc/ssh/sshd_config' and set 'ChallengeResponseAuthentication yes'
- Restart sshd service
- Save the generated "One time passwords" at a secure location
- Test by using ssh to log in to the given account on the given machine
Disable google-authenticator for trusted machines
To disable google-authenticator for trusted machines use:
- Edit '/etc/pam.d/sshd' such that it has the following starting lines:
    auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
    auth required pam_google_authenticator.so
- Now create file '/etc/security/access-local.conf' with contents similar to
    + : ALL : 10.0.0.0/24
    + : ALL : LOCAL
    - : ALL : ALL
- Then use 'service sshd restart'
- Then try to ssh from a trusted machine to verify that the password is still being prompted (unless key based authentication is used) but the google authenticator verification code is not prompted.
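To check which clients a given access-local.conf lets past the verification code, the following added example (not part of the original wiki page) models how the two PAM lines above interact: when pam_access.so succeeds, [success=1] skips the next module, pam_google_authenticator.so. It is a simplified model that only understands ALL, LOCAL and IP/CIDR origins and plain user names; the function names are hypothetical, and the first-match and grant-on-no-match behaviour is modelled here as an assumption about pam_access.

```python
import ipaddress

# Constructed sample: the access-local.conf contents shown on this page.
ACCESS_LOCAL_CONF = """\
+ : ALL : 10.0.0.0/24
+ : ALL : LOCAL
- : ALL : ALL
"""

def parse_rules(text):
    """Return (permission, users, origins) tuples, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=2 keeps any colons inside the origins field (e.g. IPv6) intact
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {line!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def origin_matches(token, rhost):
    """rhost is the client IP as a string, or None for a non-network login."""
    if token == "ALL":
        return True
    if token == "LOCAL":
        return rhost is None
    if rhost is None:
        return False
    try:
        net = ipaddress.ip_network(token, strict=False)
        return ipaddress.ip_address(rhost) in net
    except ValueError:
        return False  # host names, domains, ttys: outside this simplified model

def skips_totp(rules, user, rhost):
    """True if pam_access would succeed, so [success=1] jumps over
    pam_google_authenticator.so. Assumed semantics: the first matching rule
    decides, and access is granted when no rule matches."""
    for perm, users, origins in rules:
        user_ok = "ALL" in users or user in users
        if user_ok and any(origin_matches(t, rhost) for t in origins):
            return perm == "+"
    return True
```

Under this model, dropping the final '- : ALL : ALL' line makes every origin skip the verification code, which is why the deny-all rule has to stay last in the file.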