User Tools

Site Tools


2fa_linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
2fa_linux [2019/08/17 16:52] admin2fa_linux [2024/10/29 22:58] (current) admin
Line 44: Line 44:
 **NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/root/.google_authenticator'' or ''/home/your_user/.google_authenticator'' after you have installed and configured the authenticator of the new server.  **NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/root/.google_authenticator'' or ''/home/your_user/.google_authenticator'' after you have installed and configured the authenticator of the new server. 
  
-To use the Google 2 Factor Authenticator also in your Webmin do the following:+**To use the Google 2 Factor Authenticator also in your Webmin do the following:**
  
 ''nano /etc/webmin/miniserv.conf'' and add the line at the end of the file ''pam_conv=1'' ''nano /etc/webmin/miniserv.conf'' and add the line at the end of the file ''pam_conv=1''
 +
 +Then do:
 +
 +   nano /etc/pam.d/webmin
 +   auth required pam_google_authenticator.so
 +
 +Restart the Webmin Service with:
 +
 +   service webmin restart or systemctl restart webmin
 +
 +Shoud you have any login problems in Webmin, reset your password with:
 +
 +   cd /usr/share/webmin
 +   ./changepass.pl /etc/webmin/ username password
 +   systemctl restart webmin
  
 If you like to disable 2FA, just comment out ''auth required pam_google_authenticator.so nullok''  If you like to disable 2FA, just comment out ''auth required pam_google_authenticator.so nullok'' 
 in ''/etc/pam.d/common-auth.'' in ''/etc/pam.d/common-auth.''
  
 +
 +**USE THIS IF YOU JUST WANT TO HAVE SSH 2FA AUTHENTICATION** 
 +
 +*If you just want to enable 2FA for ssh not interfering with other applications do the following:*
 +
 +   apt install libpam-google-authenticator -y
 +
 +   google-authenticator
 +
 +   answer with Yes - Yes - Yes - No - Yes
 +
 +If you want to use a common code for all your machines alter it:
 +
 +   nano /root/.google_authenticator
 +
 +and replace the code according to your other servers at the top of the file
 +
 +   nano /etc/pam.d/sshd
 +   @include common-auth
 +   auth required pam_unix.so no_warn try_first_pass
 +   auth required pam_google_authenticator.so
 +
 +   nano /etc/ssh/sshd_config
 +   ChallengeResponseAuthentication yes
 +   PasswordAuthentication yes
 +   AuthenticationMethods keyboard-interactive (for older Debian versions)
 +   KbdInteractiveAuthentication yes (for newer Dbian versions)
 +   UsePAM yes
 +
 +   service ssh restart
 +
 +Thas all. 
  
 Enjoy,\\ Enjoy,\\
2fa_linux.1566053559.txt.gz · Last modified: 2019/08/17 16:52 by admin