If you want to secure SSH with Authenticator of more specifically with MFA, then you need to complete some amendments to your server configuration, for this guide I am using CentOS, lets get started....
First you need to install the Google Authentication module with this command:
sudo dnf install google-authenticator
That should look like this:
You then need to run the setup with this command:
google-authenticator
That should look like this, where you will be asked to configure the software:
This will then see the setup process, I would answer "yes" for everything unless you have a reason not to:
Then you need to configure SSH to work with this extension,
sudo nano /etc/pam.d/sshd
That will look like this:
Then add these lines to the top of that file:
Press Ctrl + X and then "y" to save the changes:
Then you need to SSH configuration file with this:
sudo nano /etc/ssh/sshd_config
This will then see the setup process, I would answer "yes" for everything unless you have a reason not to:
Then you need to configure SSH to work with this extension,
sudo nano /etc/pam.d/sshd
That will look like this:
Then add these lines to the top of that file:
auth required pam_google_authenticator.so nullok
auth required pam_permit.so
Press Ctrl + X and then "y" to save the changes:
Then you need to SSH configuration file with this:
That will look like this:
You will need to add this to the file:
Now you need to restart the SSH service with this:
sudo service sshd restart
That should look like this :
Then when you login you will require your OTP code from your mobile, sweet!
You will need to add this to the file:
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,password publickey,keyboard-interactive
That will look like this:
Press Ctrl + X and then "y" to save the changes:
Press Ctrl + X and then "y" to save the changes:
Now you need to restart the SSH service with this:
sudo service sshd restart
That should look like this :
Then when you login you will require your OTP code from your mobile, sweet!