Two Factor SSH Authentication.


Post by tanmay.01 » Thu Aug 01, 2013 11:15 am

Now that OpenSSH 6.2 has been released with full and proper support, the next release of Ubuntu (Saucy Salamander) will include it.


All you have to do is:

apt-get install libpam-google-authenticator


Users who want to continue using ssh must each run the command google-authenticator. This tool interactively helps you to create the file ~/.google_authenticator, which contains a shared secret and emergency passcodes. It's a terminal application, but it does still display a QR code for quick loading of the shared secret into your two factor device (in my case, this is the Google Authenticator app on my Android smartphone).

Edit /etc/ssh/sshd_config. Set:

ChallengeResponseAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive


In case you have changed them in the past, you should also check the following two settings (these are both defaults on Ubuntu):

UsePAM yes
PubkeyAuthentication yes


Run:

sudo service ssh reload

to pick up your changes to /etc/ssh/sshd_config.


Edit /etc/pam.d/sshd and replace the line:

@include common-auth


with:

auth required pam_google_authenticator.so


That's it! Now ssh logins will require a key, and after your key is verified will additionally require proof that you hold your second factor device.

Your existing ssh session should not be affected by these changes. So before you continue, make sure that you can still access the machine by authenticating with your new two factor system in another session. If you're using shared connections (or aren't sure), be sure to use the -Snone option to ssh in order to make sure that you don't accidentally skip authentication by re-using an existing connection.


How it works: Just like Google's two factor authentication.


Re: Two Factor SSH Authentication.

Post by ryanvade » Thu Aug 01, 2013 6:28 pm

Is there a version for 13.04? Or can I just build from source?



Re: Two Factor SSH Authentication.

Post by tanmay.01 » Thu Aug 01, 2013 10:50 pm

You will have to build it if there is no PPA.




Re: Two Factor SSH Authentication.

Post by araina » Thu Oct 09, 2014 8:28 am

As a system administrator, Linux security technician or system auditor, your responsibility can involve any combination of these: software patch management, malware scanning, file integrity checks, security audit, configuration error checking, etc. If there is an automatic vulnerability scanning tool, it can save you a lot of time checking up on common security issues.