The following extra packages will be installed: To do that we need to start by installing the necessary PAM libraries: $ sudo apt-get install libpam-google-authenticator In this case, we’re going to “plug in” the Google Authenticator layer to the normal SSH login to prompt for a code after a user provides their password. As the name indicates, PAM supports the addition of arbitrary authentication modules. Linux login authentication is usually provided by the Pluggable Authentication Modules (PAM) libraries.
It is available from both the Play Store and the App Store. Using Google Authenticator to secure your Linux SSH loginsįirst thing’s first – download the Google Authenticator mobile app for your phone or tablet.
Google Authenticator is a software application that provides OTPs for use as a second factor of authentication. In this article, I’ll show you how to lock down your Linux SSH server using both methods – a Yubikey is required to provide the password and a Google Authenticator token is required to complete the login.Ī Yubikey is a hardware device that provides various cryptographic authentication mechanisms such as One Time Passwords (OTP) and Public Key Encryption (PKI). Another well known method requires users to be in possession of a hardware device that provides rotating passwords. The most common is Two-Factor Authentication (2FA) because 2FA requires you to prove you’re in possession of something in addition to knowing a username and password. Several authentication add-ons have been developed over the years to combat this inherent weakness in the standard user/password authentication model.
Internet connected services are especially vulnerable to login attacks because anyone in the world can log in to your account from the comfort of their own couch.
0 kommentar(er)
