2fa_linux
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
2fa_linux [2019/05/02 18:37] – admin | 2fa_linux [2024/10/29 22:58] (current) – admin | ||
---|---|---|---|
Line 17: | Line 17: | ||
The next step is to configure SSH to be able to login remotely. If you don’t configure this you won’t be able to ssh to your server anymore. | The next step is to configure SSH to be able to login remotely. If you don’t configure this you won’t be able to ssh to your server anymore. | ||
- | Enable the PAM module by editing '' | + | Enable the PAM module by editing '' |
- | is at the end of the file and commented out. The comment usually will be at the top of the file. If you have to login twice you have the argument two times! | + | is at the end of the file. The comment usually will be at the top of the file. If you have to login twice you have the argument two times! |
- | '' | + | |
+ | Set the follwoing lines '' | ||
Do a '' | Do a '' | ||
Line 29: | Line 30: | ||
You now have to configure 2FA for every user who needs access to the system. Start configuring your own user and then all other users by doing the following: | You now have to configure 2FA for every user who needs access to the system. Start configuring your own user and then all other users by doing the following: | ||
- | * Type in the command '' | + | Type in the command '' |
- | | + | Type '' |
Write down the settings which will be presented (make sure you store them in a save place). These are the rescue settings if you don't get in anymore. Parallel to that open the Google Authenticator on you phone and enter the new settings directly into your Authenticator Settings on your phone. Give it a name (it doesn' | Write down the settings which will be presented (make sure you store them in a save place). These are the rescue settings if you don't get in anymore. Parallel to that open the Google Authenticator on you phone and enter the new settings directly into your Authenticator Settings on your phone. Give it a name (it doesn' | ||
Line 43: | Line 44: | ||
**NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/ | **NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/ | ||
+ | **To use the Google 2 Factor Authenticator also in your Webmin do the following: | ||
+ | |||
+ | '' | ||
+ | |||
+ | Then do: | ||
+ | |||
+ | nano / | ||
+ | auth required pam_google_authenticator.so | ||
+ | |||
+ | Restart the Webmin Service with: | ||
+ | |||
+ | | ||
+ | |||
+ | Shoud you have any login problems in Webmin, reset your password with: | ||
+ | |||
+ | cd / | ||
+ | | ||
+ | | ||
+ | |||
+ | If you like to disable 2FA, just comment out '' | ||
+ | in ''/ | ||
+ | |||
+ | |||
+ | **USE THIS IF YOU JUST WANT TO HAVE SSH 2FA AUTHENTICATION** | ||
+ | |||
+ | *If you just want to enable 2FA for ssh not interfering with other applications do the following:* | ||
+ | |||
+ | apt install libpam-google-authenticator -y | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | If you want to use a common code for all your machines alter it: | ||
+ | |||
+ | nano / | ||
+ | |||
+ | and replace the code according to your other servers at the top of the file | ||
+ | |||
+ | nano / | ||
+ | | ||
+ | auth required pam_unix.so no_warn try_first_pass | ||
+ | auth required pam_google_authenticator.so | ||
+ | |||
+ | nano / | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | Thas all. | ||
Enjoy,\\ | Enjoy,\\ | ||
Line 50: | Line 105: | ||
\\ | \\ | ||
**[[linux|BACK]]** | **[[linux|BACK]]** | ||
- |
2fa_linux.1556815025.txt.gz · Last modified: 2019/05/02 18:37 by admin