Vadim Grinco It's not denial. I'm just selective about the reality i accept.


Google Authenticator PAM module for RHEL6

I thought I would give it a try to google authenticator pam module so I built it for RHEL6. You should theoretically be able to use it on any derivative tree including CentOS, Scientific Linux, and others.


# Configure my repo

wget -O /etc/yum.repos.d/chaos.repo //

# Install google authenticator pam module and its dependencies

yum -y install libpam-google-authenticator

# Run the initial configuration of google authenticator and scan the QR code


# Edit /etc/pam.d/sshd to enable google authenticator

sed -e "s/auth.*include.*password-auth/authtrequiredtpam_google_authenticator.son/" -i /etc/pam.d/sshd

Now it's time to configure sshd for challange-response auth:

# disable plain password authentication over encrypted tunnel (default)

sed -e "s/PasswordAuthentication.*/PasswordAuthentication no/" -i /etc/ssh/sshd_config

# enable challenge-response authentication

sed -e "s/ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" -i /etc/ssh/sshd_config

# enable pam support

sed -e "s/UsePAM.*/UsePAM yes/" -i /etc/ssh/sshd_config

Restart sshd and enjoy the new security feature of your server.

Filed under: RHEL, Security 3 Comments