How to configure 2FA authentication using Google authenticator on Ubuntu 18.04 CLI.

This is a quick reference guide on how to configure 2FA authentication using Google authenticator on Ubuntu 18.04.

WARNING: Please be extremely cautious when configuring this as you could potentially lock yourself out of your system if mis-configured.

In this guide I will create a separate user for 2FA authentication and leave root as password authentication only.

1. Create a new user

root@testssh:/etc/ssh# adduser authtest

2. Edit /etc/ssh/sshd_config

root@testssh:/etc/ssh# nano /etc/ssh/sshd_config

Change ChallengeResponseAuthentication to yes

3. Install Google Authenticator

root@testssh:/etc/ssh#apt-get update
root@testssh:/etc/ssh# apt-get install libpam-google-authenticator

4. Change to user and run Google Authenticator

IMPORTANT: Only run this command in the user account that you would like to authenticate using 2FA Authentication.

root@testssh:/etc/ssh# su authtest
authtest@testssh:/etc/ssh$ google-authenticator

Once you have run the google-authenticator command and answered some questions about your preferences, you will receive your token information to set up your token used to generate your OTP.

If by accident you run this command in the wrong user account: To revert this you can delete this from the users home directory by running the following command.

rm /home/authtest/.google_authenticator

To remove from root

root@VPS:~# rm .google_authenticator

5. Change back to root and edit /etc/pam.d/common-auth

authtest@testssh:/etc/ssh$ exit
exit
root@testssh:/etc/ssh#
nano /etc/pam.d/common-auth

add the following line to the bottom of the file:

auth required pam_google_authenticator.so nullok

6. Restart sshd

root@testssh:/etc/ssh# service sshd restart

7. Test Authentication

At this point I would open a duplicate putty window and test that root still has password authentication.

To test the 2FA authentication – you will be prompted for you password and then your OTP that is generated using your google Authenticator app.

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s