0 votes

First off, sorry if this is the wrong section, I couldn't find one super applicable to this question...BUT:

I'm working on setting up Google Authenticator 2FA for all SSH logins on my server, I started following a forum post here, but it seems like they've really simplified the process so I ended up following another, more generic CentOS post here. So far I've done the following:

Installed google-authenticator.
yum install google-authenticator

Setup the the app on my phone, and initiated google-authenticator.

Modified /etc/pam.d/sshd with the line:
auth required google-authenticator

Modified /etc/ssh/sshd_config to show:
ChallengeResponseAuthentication yes

#ChallengeResponseAuthentication no

Restarted the sshd service.

After that I completely exited ssh, and reconnected to it, trying both my root, and user account. Neither seems to have been impacted by anything I changed, at all. It simply has me login as normal. Does anyone have experience with this? Have you guys tried adding 2FA to your systems lately? Any help is much appreciated!
Friday, August 05 2016, 05:12 PM
Share this post:
Responses (1)
  • Accepted Answer

    Monday, August 08 2016, 02:26 PM - #Permalink
    0 votes
    I think you missed a step (I was working off another doc for Clear7, but I'd imagine this part is the same);


    Add to top of file:

    auth       required

    service sshd restart

    The reply is currently minimized Show
Your Reply