Google-authenticator on Linux

Google-authenticator

1 Setting up Google-authenticator

To setup google-authenticator it is necessary to see that the time
is setup right on your machine. I had some initial problems with my ntp. If you are using a raspberry pi for example do not forget to enable ntp

 

after figuring out the right way it worked like a charm.
This is what i did to get it to work ( see Use this link to get another
view).

2 Download libpam-google-authenticator


Run the actual program as the user you want to use authenticator for.

Answer the question as they come along…
Make sure you are using time-based authentication.

Scan the QR-code in the authenticator app on your mobile, this should
create an entry in your authenticator.

When all done you should have a file in the home directory
.google_authenticator

3 Configuring PAM

Time to configure ssh deamon to use the authenticator.
in /etc/pam/sshd add the following line at the bottom of the file:

The nullok tells the PAM that this authentication method is
optional, as soon as every user has authenticator then remove it.

4 Configure sshd

Now its time to configure sshd.
open the ssh configuration file /etc/ssh/sshd_config

Search for ChallengeResponseAuthentication

change it to yes.

And restart the ssh daemon

systemctl restart sshd

Make sure you test it before you logout!

Date: 2018:08:05

Author: Calle Olsen

Created: 2018-08-05 Sun 13:53

Emacs 25.2.2 (Org mode 8.2.10)

Validate