ArtIT Wiki

User Tools

Site Tools

Trace:
2fa_linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
2fa_linux [2019/06/21 09:04] admin2fa_linux [2024/10/29 22:58] (current) admin
Line 44: Line 44:
 **NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/root/.google_authenticator'' or ''/home/your_user/.google_authenticator'' after you have installed and configured the authenticator of the new server.  **NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/root/.google_authenticator'' or ''/home/your_user/.google_authenticator'' after you have installed and configured the authenticator of the new server. 
  
 +**To use the Google 2 Factor Authenticator also in your Webmin do the following:**
 +
 +''nano /etc/webmin/miniserv.conf'' and add the line at the end of the file ''pam_conv=1''
 +
 +Then do:
 +
 +   nano /etc/pam.d/webmin
 +   auth required pam_google_authenticator.so
 +
 +Restart the Webmin Service with:
 +
 +   service webmin restart or systemctl restart webmin
 +
 +Shoud you have any login problems in Webmin, reset your password with:
 +
 +   cd /usr/share/webmin
 +   ./changepass.pl /etc/webmin/ username password
 +   systemctl restart webmin
 +
 +If you like to disable 2FA, just comment out ''auth required pam_google_authenticator.so nullok'' 
 +in ''/etc/pam.d/common-auth.''
 +
 +
 +**USE THIS IF YOU JUST WANT TO HAVE SSH 2FA AUTHENTICATION** 
 +
 +*If you just want to enable 2FA for ssh not interfering with other applications do the following:*
 +
 +   apt install libpam-google-authenticator -y
 +
 +   google-authenticator
 +
 +   answer with Yes - Yes - Yes - No - Yes
 +
 +If you want to use a common code for all your machines alter it:
 +
 +   nano /root/.google_authenticator
 +
 +and replace the code according to your other servers at the top of the file
 +
 +   nano /etc/pam.d/sshd
 +   @include common-auth
 +   auth required pam_unix.so no_warn try_first_pass
 +   auth required pam_google_authenticator.so
 +
 +   nano /etc/ssh/sshd_config
 +   ChallengeResponseAuthentication yes
 +   PasswordAuthentication yes
 +   AuthenticationMethods keyboard-interactive (for older Debian versions)
 +   KbdInteractiveAuthentication yes (for newer Dbian versions)
 +   UsePAM yes
 +
 +   service ssh restart
 +
 +Thas all. 
  
 Enjoy,\\ Enjoy,\\
Line 51: Line 105:
 \\ \\
 **[[linux|BACK]]** **[[linux|BACK]]**
- 
2fa_linux.1561100674.txt.gz · Last modified: 2019/06/21 09:04 by admin