4Dec/123
Google Authenticator PAM module for RHEL6
I thought I would give it a try to google authenticator pam module so I built it for RHEL6. You should theoretically be able to use it on any derivative tree including CentOS, Scientific Linux, and others.
Instructions:
# Configure my repo
wget -O /etc/yum.repos.d/chaos.repo http://yum.vadimgrinco.com/repo/rhel/chaos.repo |
# Install google authenticator pam module and its dependencies
yum -y install libpam-google-authenticator |
# Run the initial configuration of google authenticator and scan the QR code
google-authenticator |
# Edit /etc/pam.d/sshd to enable google authenticator
sed -e "s/auth.*include.*password-auth/authtrequiredtpam_google_authenticator.son/" -i /etc/pam.d/sshd |
Now it's time to configure sshd for challange-response auth:
# disable plain password authentication over encrypted tunnel (default)
sed -e "s/PasswordAuthentication.*/PasswordAuthentication no/" -i /etc/ssh/sshd_config |
# enable challenge-response authentication
sed -e "s/ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" -i /etc/ssh/sshd_config |
# enable pam support
sed -e "s/UsePAM.*/UsePAM yes/" -i /etc/ssh/sshd_config |
Restart sshd and enjoy the new security feature of your server.