SSH to your Linux Server using Google Authenticator app

In this section, we will learn how to secure your ssh connection with MFA using Google authenticator app.

Before we start go ahead and download the google authenticator app to your mobile device.

After you successfully downloaded and install the google authenticator app on your mobile device go to your Linux server and install the google-authenticator PAM module by typing this command:

swarm@swarm3:~$ sudo apt install libpam-google-authenticator
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libpam-google-authenticator is already the newest version (20191231-2).
0 upgraded, 0 newly installed, 0 to remove and 75 not upgraded

After the installation complete type following command:

swarm@swarm3:~$ google-authenticator

  • Follow the instructions and scan the bar-code by your google authenticator mobile app
  • You can type yes for every question that you encounter during the process of setting up the Google authentication app
  • After completion save the emergency scratch codes in a secure location, you will need it in case you lose your phone
  • You can do this process for every user on your Linux server.

Now we will need to enable “ChallengeResponseAuthentication” in the ssh config file.

swarm@swarm3:~$ sudo vi /etc/ssh/sshd_config

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes

Don’t forget to save the file by pressing :qw


Restart the SSH service:

swarm@swarm3:~$ sudo systemctl restart ssh


The final step is to add the google authentication module to the PAM ssh config file:

swarm@swarm3:~$ sudo vi /etc/pam.d/sshd

Add this line to the end of the config file and save the file:

auth required pam_google_authenticator.so

That’s it, now you can ssh to your server using google authentication

Verfication code: Enter the code that presented in your google authenticator app in your mobile device.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.