How VPS - How to use/setup VPS
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
How VPS - How to use/setup VPS
No Result
View All Result
Home Operating System Debian

How to Setup Two-Factor Authentication (2FA) for SSH on Debian 9 Using Google Authenticator

How VPS by How VPS
November 1, 2019
in Debian
0
0
SHARES
64
VIEWS
Share on FacebookShare on Twitter

Contents

  1. Using a Different System?
  2. Prerequisites
  3. Step 1: Installing the Google Authenticator Library
  4. Step 2: Configure Google Authenticator for each user
  5. Step 3: Configure SSH to use Google Authenticator
  6. Note
  7. Conclusion
  8. Want to contribute?

Using a Different System?

  • How To Setup Two-Factor Authentication (2FA) for SSH on Ubuntu 14.04 using Google Authenticator

Are we missing a guide for your target system? Request one, or submit your own!


There are several ways of logging into a server over SSH. Methods include password login, key-based login and two-factor authentication.

Two-factor authentication is a much better type of protection. In the event that your computer gets compromised, the attacker would still need an access code to login.

In this tutorial, you will learn how to set up two-factor authentication on Debian 9 using Google Authenticator and SSH.

Prerequisites

  • A Debian 9 server (or newer).
  • A non-root user with sudo access.
  • A smart phone (Android or iOS) with the Google Authenticator App installed. You can also use Authy or any other app supporting Time-based One-Time Password (TOTP) logins.

Step 1: Installing the Google Authenticator Library

We need to install the Google Authenticator Library module available for Debian, which will allow the server to read and validate codes.

sudo apt update
sudo apt install libpam-google-authenticator -y

Step 2: Configure Google Authenticator for each user

Configure the module.

google-authenticator

Once you run the command, you will be asked certain questions. The first question will be Do you want authentication tokens to be time-based (y/n)

Press Y and you will get a QR code, secret key, verification code, and emergency backup codes.

Take out your phone and open the Google Authenticator app. You can either scan the QR code or add the secret key to add a new entry. Once you have done that, note the backup codes and keep them safe somewhere. In case your phone gets misplaced or damaged, you can use those codes to login.

For the remaining questions, press Y when asked to update the .google_authenticator file, Y for disallowing multiple uses of the same token, N for increasing the time-window and Y to enable rate-limiting.

You will have to repeat this step for all of the users on your machine, otherwise they won’t be able to login once you are through with this tutorial.

Step 3: Configure SSH to use Google Authenticator

Now that all users on your machine have set up their Google authenticator app, its time to configure the SSH to use this authentication method over the current one.

Enter the following command to edit the sshd file.

sudo nano /etc/pam.d/sshd

Find the line @include common-auth and comment it out, like what is shown below.

# Standard Un*x authentication.
#@include common-auth

Add the following line to the bottom of this file.

auth required pam_google_authenticator.so

Press CTRL + X to save and exit.

Next, enter the following command to edit the sshd_config file.

sudo nano /etc/ssh/sshd_config

Find the term ChallengeResponseAuthentication and set its value to yes. Also find the term PasswordAuthentication, uncomment it, and change its value to no.

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

The next step is to add the following line to the bottom of the file.

AuthenticationMethods publickey,keyboard-interactive

Save and close the file by pressing CTRL + X. Now that we have configured the SSH server to use the Google Authenticator, its time to restart it.

sudo service ssh restart

Try logging back into the server. This time you will be asked for your Authenticator code.

ssh [email protected]

Authenticated with partial success.
Verification code:

Enter the code that your app generates and you will be logged in successfully.

Note

In case you lose your phone, use the backup codes from Step 2. If you lost your backup codes, you can always find them in the .google_authenticator file under the user home directory after you login via the Vultr console.

Conclusion

Having two-factor authentication greatly improves your server’s security and allows you to help thwart common brute force attacks.

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article
How VPS

How VPS

Related Posts

Debian

How to Install WonderCMS on Debian 9

November 1, 2019
Debian

Using MySQL Views on Debian 7

November 1, 2019
Debian

How to Install and Configure TaskBoard on Debian 9

November 1, 2019
Next Post

How to Install osTicket on Debian 10

Install Gnome Desktop with TightVNC on Debian 7

How to Install Koel on Debian 9

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 121 Followers
  • 87.2k Followers

Recommended

Setup Mumble on Ubuntu

3 years ago

How to Install Shopware CE on Debian 9

3 years ago

Creating a Jekyll Blog on Ubuntu 16.04

3 years ago

How to Install InvoicePlane on Fedora 28

3 years ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel

Topics

Apache Web Server Bluehost Review 2019 Bluehost Review 2020 Bluehost Review 2021 Centmin Mod CentminMod centos install htop fsck htop install HTTP DoS attack Install Snort on an Ubuntu install Zabbix on CentOS install Zabbix on CentOS 7 Linux Commands linux guide linux install htop linux vps setup guide MariaDB MariaDB Error Mysql mysqld error optimize MariaDB optimize Mysql snort Ubuntu
No Result
View All Result

Highlights

Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

Webmin Reviews

Virtualmin Reviews

CentOS Web Panel Reviews

Ajenti Reviews

ISPConfig Reviews

Trending

Failed to download metadata for repo 'appstream' on Centos 8
CentOS

How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

by How VPS
February 25, 2022
0

I tried to update some extensions by use yum on centOs which I specified in Dockerfile. After...

How to Fix MySQL Error "Plugin 'InnoDB' registration as a STORAGE ENGINE failed"?

How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”?

November 17, 2020
How to optimize Mysql or MariaDB

How to optimize Mysql or MariaDB

November 3, 2020
Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

Top Free Web Hosting Control Panels To Manage VPS/Dedicated Servers

February 17, 2020
Webmin Reviews

Webmin Reviews

February 17, 2020
How VPS – How to use/setup VPS

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8 February 25, 2022
  • How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”? November 17, 2020
  • How to optimize Mysql or MariaDB November 3, 2020

Categories

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel

[mc4wp_form]

© 2018 JNews - City News Magazine WordPress theme. All rights belong to their respective owners.
JNews is a top selling 2018 WordPress News, Blog, Newspaper & Magazine Theme.

No Result
View All Result
  • Home

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.