![]() Now we need to edit the ssh server config at /etc/ssh/sshd_config. Īuth required pam_google_authenticator.so nullok Comment it out and add the following directly below. ![]() Since we now have the newest OpenSSH installed, the configuration is identical now.Īt first edit /etc/pam.d/sshd and search for common-auth, which should be right at the top of the file. ![]() Install it with ~$ apt-get -y install libpam-google-authenticator Configure OpenSSH on Jessie and Stretchįor Jessie and Stretch this is straightforward. We need to install the Google Authenticator for Jessie, so we don't have to built it from source: ~$ cd /tmp If you want to be able to scan the QR-Code with your favorite 2FA-App directly from the terminal you might also want to install the following package: ~$ apt-get -y install libqrencode3. When it asks to overwrite /etc/pam.d/sshd say Yes. ~$ apt-get -y -t wheezy-backports install openssh-server All commands are supposed to be executed with root or using sudo: ~$ echo "deb wheezy-backports main" > /etc/apt//backports.list Just run the following commands to install the Wheezy backports to your system. I have only tested this on Wheezy and Stretch but Jessie should work exactly like Stretch.Īlso OpenSSH on Debian Wheezy is by default too old for 2FA but we can use the backported OpenSSH-Server for that. We assume that your SSH already uses Pubkey-Authentication while PasswordAuthentication is disabled.Īlso this guide should also work on Debian's derivates and maybe other distros. This guide shows you, how you can add 2FA to your OpenSSH on Debian Wheezy, Jessie and Stretch using Google Authenticator.
0 Comments
Leave a Reply. |