How VPS - How to use/setup VPS

How To Setup Two-Factor Authentication (2FA) for SSH on Ubuntu 14.04 using Google Authenticator

How VPS by How VPS
January 1, 2020
in Linux

Contents

  1. Using a Different System?
  2. Step 1: Prerequisites
  3. Step 2: Installing Google Authenticator Library
  4. Step 3: Configure Google Authenticator for each user
  5. Step 4: Configure SSH to use Google Authenticator
  6. Note
  7. Conclusion
    1. Other versions
  8. Want to contribute?

Using a Different System?

  • How to Setup Two-Factor Authentication (2FA) for SSH on Debian 9 Using Google Authenticator


There are several ways of logging into a server over SSH. Methods include password login, key-based login, and two-factor authentication.

Two-factor authentication offers much stronger protection than a single factor. If your computer is compromised, the attacker still needs an access code to log in.

In this tutorial, you will learn how to set up two-factor authentication on an Ubuntu server using Google Authenticator and SSH.

Step 1: Prerequisites

  • An Ubuntu 14.04 server (or newer).
  • A non-root user with sudo access.
  • A smartphone (Android or iOS) with the Google Authenticator app installed. You can also use Authy or any other app that supports TOTP-based logins.

Step 2: Installing Google Authenticator Library

We need to install the Google Authenticator library module available for Ubuntu, which allows the server to read and validate codes. Run the following commands.

sudo apt-get update
sudo apt-get install libpam-google-authenticator

Step 3: Configure Google Authenticator for each user

To configure the module, just run the following command.

google-authenticator

Once you run the command, you will be asked several questions. The first question is:

Do you want authentication tokens to be time-based (y/n)

Press y and you will get a QR code, secret key, verification code, and emergency backup codes.

Take out your phone and open the Google Authenticator app. You can either scan the QR code or enter the secret key to add a new entry. Once you have done that, note down the backup codes and keep them somewhere safe. If your phone is misplaced or damaged, you can use those codes to log in.

For the remaining questions, press y when asked to update the .google_authenticator file, y to disallow multiple uses of the same token, n to increasing the time window, and y to enable rate limiting.

You will have to repeat Step 3 for every user on your machine, otherwise they won’t be able to log in once you are through with this tutorial.
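
The following check is an added example, not part of the original article: it lists accounts that can log in but have no usable .google_authenticator file, which are the accounts that would be locked out after Step 4. The function name, the UID 1000 cutoff for regular users, and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: find login accounts that have not completed Step 3.
# unenrolled_users [PASSWD_FILE]  (defaults to /etc/passwd)
unenrolled_users() (
    passwd_file=${1:-/etc/passwd}
    while IFS=: read -r name _ uid _ _ home shell; do
        # Assumption: regular users have UID >= 1000 (the Ubuntu default).
        [ "$uid" -ge 1000 ] 2>/dev/null || continue
        # Accounts without a login shell cannot use SSH interactively.
        case $shell in */nologin|*/false|'') continue ;; esac
        secret=$home/.google_authenticator
        if [ ! -s "$secret" ]; then
            echo "$name: missing $secret"
        elif [ "$(ls -ld "$secret" | cut -c5-10)" != "------" ]; then
            # Group/other permission bits expose the TOTP secret.
            echo "$name: $secret is readable by group/others"
        fi
    done < "$passwd_file"
)

# Constructed demo: two fake users and one system account in a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo/alice" "$demo/bob"
( umask 077; echo "CONSTRUCTED-SECRET" > "$demo/alice/.google_authenticator" )
printf '%s\n' \
    "alice:x:1000:1000::$demo/alice:/bin/bash" \
    "bob:x:1001:1001::$demo/bob:/bin/bash" \
    "www-data:x:33:33::/var/www:/usr/sbin/nologin" > "$demo/passwd"
unenrolled_users "$demo/passwd"
```

On a real server, run `sudo sh -c` around `unenrolled_users` with no argument so it can read every home directory.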

Step 4: Configure SSH to use Google Authenticator

Now that all users on your machine have set up their Google Authenticator app, it's time to configure SSH to use this authentication method instead of the current one.

Enter the following command to edit the PAM configuration file for sshd.

sudo nano /etc/pam.d/sshd

Find the line @include common-auth and comment it out like below.

# Standard Un*x authentication.
#@include common-auth

Add the following line to the bottom of this file.

auth required pam_google_authenticator.so

Press Ctrl + X to save and exit.

Next, enter the following command to edit the sshd_config file.

sudo nano /etc/ssh/sshd_config

Find the term ChallengeResponseAuthentication and set its value to yes. Also find the term PasswordAuthentication, uncomment it, and change its value to no.

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Next, add the following line to the bottom of the file.

AuthenticationMethods publickey,keyboard-interactive

Save and close the file by pressing Ctrl + X. Now that we have configured the SSH server to use Google Authenticator, it's time to restart it.

sudo service ssh restart

Try logging back into the server. This time you will be asked for your Authenticator code.

ssh user@serverip

Authenticated with partial success.
Verification code:

Enter the code that your app generates and you will be logged in successfully.
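
The Step 4 edits can be checked with a short script before sshd is restarted. This is an added example, not part of the original article; the function names and the sample files are constructed for illustration, and Match blocks or included files in sshd_config are not evaluated.

```sh
#!/bin/sh
# Added example: audit the settings from Step 4.

# sshd_value FILE KEYWORD: print the first active value (sshd uses the first one).
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# check_2fa SSHD_CONFIG PAM_FILE: print each problem; exit status 1 if any.
check_2fa() (
    cfg=$1; pam=$2; bad=0
    expect() {
        got=$(sshd_value "$cfg" "$1")
        [ "$got" = "$2" ] && return 0
        echo "sshd_config: $1 is '${got:-unset}', expected '$2'"
        bad=1
    }
    expect ChallengeResponseAuthentication yes
    expect PasswordAuthentication no
    expect AuthenticationMethods publickey,keyboard-interactive
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$pam" ||
        { echo "pam: pam_google_authenticator.so is not required"; bad=1; }
    grep -Eq '^[[:space:]]*@include[[:space:]]+common-auth' "$pam" &&
        { echo "pam: @include common-auth is still active"; bad=1; }
    exit "$bad"
)

# Constructed sample files mirroring the edits in Step 4.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
ChallengeResponseAuthentication yes
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
EOF
cat > "$demo/pam_sshd" <<'EOF'
# Standard Un*x authentication.
#@include common-auth
auth required pam_google_authenticator.so
EOF
check_2fa "$demo/sshd_config" "$demo/pam_sshd" && echo "2FA settings OK"
```

On the server, run `check_2fa /etc/ssh/sshd_config /etc/pam.d/sshd` and `sudo sshd -t` before restarting, and keep your current SSH session open until a second login succeeds.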

Note

If you lose your phone, use the backup codes from Step 2. If you lose your backup codes, you can always find them in the .google_authenticator file in the user's home directory after you log in via the Vultr console.

Conclusion

Multi-factor authentication greatly improves your server’s security and helps thwart common brute-force attacks.

Other versions

  • Ubuntu
  • CentOS
