Setting Up Google Auth on SSH on CentOS-7
·
ssh
google-authentication
2fa
security
Follow Digital Ocean tutorial for the setup: https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-7
Notes on /etc/ssh/sshd_config:
- With
UsePAM yes, bothpasswordandkeyboard-interactivefollow/etc/pam.d/sshd PasswordAuthentication yesis the same asAuthenticationMethods password
Differences between AuthenticationMethods password and keyboard-interactive:
passwordaccepts only 1 response from the userkeyboard-interactiveaccepts multiple responses from user
Enforcing both password and Google Authenticator to login:
- Use
keyboard-interactiveto ensure successful authentication with 2FA and password
Prompt differences:
- password:
(hugo@192.168.0.14) Password: - keyboard-interactive:
Password:
Time synchronization:
- Crucial for accurate authentication
- For Docker, ensure the host’s clock is synchronized