![\"google-authenticator-ssh-header\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/google-authenticator-ssh-header.png\" "\\"google-authenticator-ssh-header\\"")
<\/p>\n \t<\/p>\n
\tWant to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator\u2019s time-based one-time password (TOTP) system with your SSH server. You\u2019ll have to enter the code from your phone when you connect.<\/p>\n
<\/p>\n
\t<\/p>\n
\tWant to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator\u2019s time-based one-time password (TOTP) system with your SSH server. You\u2019ll have to enter the code from your phone when you connect.<\/p>\n
\tGoogle Authenticator doesn\u2019t \u201cphone home\u201d to Google \u2014 all the work happens on your SSH server and your phone. In fact, Google Authenticator is completely open-source<\/a>, so you can even examine its source code yourself.<\/p>\n \tTo implement multifactor authentication with Google Authenticator, we\u2019ll need the open-source Google Authenticator PAM module. PAM stands for \u201cpluggable authentication module\u201d \u2013 it\u2019s a way to easily plug different forms of authentication into a Linux system.<\/p>\n \tUbuntu\u2019s software repositories contain an easy-to-install package for the Google Authenticator PAM module. If your Linux distribution doesn\u2019t contain a package for this, you\u2019ll have to download it from the Google Authenticator downloads page<\/a> on Google Code and compile it yourself.<\/p>\n \tTo install the package on Ubuntu, run the following command:<\/p>\n \t\tsudo apt-get install libpam-google-authenticator<\/p>\n<\/blockquote>\n \t(This will only install the PAM module on our system \u2013 we\u2019ll have to activate it for SSH logins manually.)<\/p>\n \t \tLog in as the user you\u2019ll be logging in with remotely and run the google-authenticator <\/strong>command to create a secret key for that user.<\/p>\n \tAllow the command to update your Google Authenticator file by typing y. You\u2019ll then be prompted with several questions that will allow you to restrict uses of the same temporary security token, increase the time window that tokens can be used for, and limit allowed acces attempts to hinder brute-force cracking attempts. These choices all trade some security for some ease-of-use.<\/p>\n \t \tGoogle Authenticator will present you with a secret key and several \u201cemergency scratch codes.\u201d Write down the emergency scratch codes somewhere safe \u2013 they can only be used one time each, and they\u2019re intended for use if you lose your phone.<\/p>\n \t \tInstall Google Authenticator<\/h3>\n
\n
![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/image163.png\" "\\"image\\"")
<\/p>\n \tCreate an Authentication Key<\/h3>\n
![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/image164.png\" "\\"image\\"")
<\/p>\n![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/image165.png\" "\\"image\\"")
<\/p>\n
![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/image166.png\" "\\"image\\"")
<\/p>\n![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/image167.png\" "\\"image\\"")
<\/p>\n![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/image168.png\" "\\"image\\"")
<\/p>\n![\"\"](\"https:\/\/noi3.org\/site\/wp-content\/uploads\/2014\/03\/google-authenticator-ssh-header1.png\" "\\"google-authenticator-ssh-header\\"")
<\/p>\n