Traditional login credentials on a Linux system involves a username and password. However, a lot of services are adding two-factor authentication in order to be more secure, so not only something you know (the password) but also something you have (an authenticator). This can be easily done using the Google Authenticator, an app you can download on any modern smartphone.
You can add the same capability to your Linux system so that the login process will ask you for your password and the token.
The following root commands will get the Google Authenticator library and instal it on your system, along with NTP to ensure the clock is kept in sync, which is crucial for this to work:
yum install ntp systemctl enable ntpd systemctl start ntpd yum install pam-devel wget https://github.com/google/google-authenticator/archive/master.zip unzip master.zip cd google* ./bootstrap.sh ./configure make make install
First, you need to add Google Authenticator to the list of modules available for the login process as root:
echo "auth required /usr/local/lib/security/pam_google_authenticator.so nullok" >> /etc/pam.d/sshd echo "ChallengeResponseAuthentication yes" >> /etc/ssh/sshd_config systemctl reload sshd
Then, you should run the command line utility to register your phone as whichever user you want to use two-factor authentication with:
That’s it! From now on you will have to enter the current token in order to login as that user.