Authenticate your SSH with Google Authenticator’s Two-Factor Authentication

Google is providing an opensource application named “Google Authenticator” which is based two-step authentication token. We can use this application to secure our server SSH. Authenticator provides a six digit number which users must provide in addition to their username and password to log into the Server. We need to install Google Authenticator PAM module on our server.

Install google authenticator on server:

After installation complete we need to configure it on the server. To complete the configuration issue the below command

It will ask you some additional question just press “Y/N” as per your requirement. Google Authenticator will provide you a secrete token and several emergency scratch codes like below given example. Save the emergency scratch codes somewhere safe. Those codes can be used one time each if you lose your mobile phone.

Then enter the secrete key in the Google Authenticator app on your mobile. Google Authenticator app’s are available for Android, iOS and Blackberry.


Activate Google Authenticator on Server:

Next we have to activate Google Authenticator with SSH for the we have to edit /etc/pam.d/sshd and /etc/ssh/sshd_config file.

Add the line

Now we will edit the other file

Find and modify the line as below:

Restart the SSH Service to take effect the new changes.

Now whenever you connect to the server you will promoted for the authentication code along with the passowrd.

The following two tabs change content below.

Tapas Mishra

Sr. Engineer (DevOps)
Loves to work on Opensource products. Having experience on Linux environment. Knowledge on Public cloud services like AWS, Rackspace, DigitalOcean, Linode. Please don't hesitate to give a comment on the posts. Your comments are my strength.

Leave a Reply