Vadim Grinco It's not denial. I'm just selective about the reality i accept.

4Dec/123

Google Authenticator PAM module for RHEL6

I thought I would give it a try to google authenticator pam module so I built it for RHEL6. You should theoretically be able to use it on any derivative tree including CentOS, Scientific Linux, and others.

Instructions:

# Configure my repo

wget -O /etc/yum.repos.d/chaos.repo http://yum.vadimgrinco.com/repo/rhel/chaos.repo

# Install google authenticator pam module and its dependencies

yum -y install libpam-google-authenticator

# Run the initial configuration of google authenticator and scan the QR code

google-authenticator

# Edit /etc/pam.d/sshd to enable google authenticator

sed -e "s/auth.*include.*password-auth/authtrequiredtpam_google_authenticator.son/" -i /etc/pam.d/sshd

Now it's time to configure sshd for challange-response auth:

# disable plain password authentication over encrypted tunnel (default)

sed -e "s/PasswordAuthentication.*/PasswordAuthentication no/" -i /etc/ssh/sshd_config

# enable challenge-response authentication

sed -e "s/ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" -i /etc/ssh/sshd_config

# enable pam support

sed -e "s/UsePAM.*/UsePAM yes/" -i /etc/ssh/sshd_config

Restart sshd and enjoy the new security feature of your server.

Filed under: RHEL, Security 3 Comments
   
October 2018
M T W T F S S
« Dec    
1234567
891011121314
15161718192021
22232425262728
293031  

Recent Comments

Fedora (1)
Hacking (3)
RHEL (1)
Security (1)
Uncategorized (2)
Vareous (4)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.