Differences

This shows you the differences between two versions of the page.

--- 2fa_linux [2022/10/11 20:04] – chris
+++ 2fa_linux [2024/10/29 22:58] (current) – admin
@@ Line 44: / Line 44: @@
 **NOTE:** It is possible to have multiple servers using the same code generated by your phone without adding multiple accounts. Simply replace the content of the file ''/root/.google_authenticator'' or ''/home/your_user/.google_authenticator'' after you have installed and configured the authenticator of the new server.
-To use the Google 2 Factor Authenticator also in your Webmin do the following:
+**To use the Google 2 Factor Authenticator also in your Webmin do the following:**
 ''nano /etc/webmin/miniserv.conf'' and add the line at the end of the file ''pam_conv=1''
+Then do:
+   nano /etc/pam.d/webmin
+   auth required pam_google_authenticator.so
+Restart the Webmin Service with:
+   service webmin restart or systemctl restart webmin
+Shoud you have any login problems in Webmin, reset your password with:
+   cd /usr/share/webmin
+   ./changepass.pl /etc/webmin/ username password
+   systemctl restart webmin
 If you like to disable 2FA, just comment out ''auth required pam_google_authenticator.so nullok''
@@ Line 69: / Line 84: @@
    nano /etc/pam.d/sshd
-   <del> @include common-auth </del>
+   @include common-auth
    auth required pam_unix.so no_warn try_first_pass
    auth required pam_google_authenticator.so
@@ Line 75: / Line 90: @@
    nano /etc/ssh/sshd_config
    ChallengeResponseAuthentication yes
-   <del>PasswordAuthentication yes</del>
+   PasswordAuthentication yes
-   <del>AuthenticationMethods keyboard-interactive</del>
+   AuthenticationMethods keyboard-interactive (for older Debian versions)
+   KbdInteractiveAuthentication yes (for newer Dbian versions)
    UsePAM yes