How to enable SSH 2FA on Ubuntu Server 22.04

Learn how to add an extra layer of Secure Shell protection to your Ubuntu servers with the help of two-factor authentication.

When you open your Linux servers up for SSH login, there’s always a chance someone could break into that server and do bad things. One way to prevent this is to enable two-factor authentication on the server. Once enabled, only people with the properly generated 2FA codes (along with their regular credentials) will be given access.

Learn how to set up SSH 2FA on your Ubuntu Server.

What you’ll need

A running instance of Ubuntu Server 22.04.

The first thing to do is install a single package: Google Authenticator. This is a command-line tool that makes it possible to add 2FA authentication on your server.

Log into your Ubuntu instance and issue the command:

sudo apt-get install libpam-google-authenticator -y

You’ll then need to run the command to create a secret key. You’ll be asked if you want authentication tokens to be time-based, which you want. You will then be presented with a QR code that can be scanned by your 2FA application.

There’s one gotcha with this: If you’re logged directly into the terminal of the physical machine in question, you might not be able to see the entire code. Your best bet is to log in via SSH, so you can resize the terminal to view the entire QR code (Figure A).

Figure A: A (blurred out) QR code generated by the google-authenticator app.

Scan the QR code with your 2FA app (such as Authy) or type the secret key if the code is too large for the app to scan and hit enter. You will then be prompted to type the code from the app so the account can be confirmed. Once confirmed, you will see the emergency codes for 2FA. Make sure to copy and save them in a safe place such as a password manager and then type y when prompted to update the ~/.google_authenticator file.

Next, you’ll be prompted to disallow multiple uses of the same authentication token. Go ahead and type y to accept this, as it can help prevent man-in-the-middle attacks. When prompted, type y for the last question to allow up to a 30-second time-skew between the authentication server and client. You will also want to enable rate-limiting when prompted by typing y, which limits attackers to no more than three login attempts every 30 seconds.

Now that 2FA is installed and configured, we also have to configure the SSH daemon to make use of it.

Open the SSH daemon configuration file with:

First, locate the following line and make sure it is set to yes:

Next, locate the following line and change no to yes:

Note: In Ubuntu releases prior to 22.04, the above line will be:

Next, open the PAM configuration file with:

Under the line common-auth, add the following line:

auth required pam_google_authenticator.so

Next, open a new terminal window and attempt to log into the remote machine. You will first be prompted for your user password and then prompted for the 2FA code. Upon successfully typing the 2FA code, you should be allowed access to the server.

How to enable 2FA with SSH Key Authentication

If you use SSH Key Authentication (and you should), there’s an extra step you must take. On the server, open the SSH daemon config file with:

At the bottom of that file, add the following line:

AuthenticationMethods publickey,keyboard-interactive

Once you’ve verified SSH Key Authentication works, you can disable password authentication by opening the SSH configuration with:

Congratulations, you’ve just configured Ubuntu Server 22.04 for a much more secure SSH login process. Just make sure as you do this that you’re testing via a second terminal window, so you can remain logged into the original should anything go wrong (and you can reset the configurations).

Ssh you have a passphrase enabled for your key, you will be logged in automatically.

SSH is a powerful security tool that allows authenticated users to log in to a remote system. However, it is only as secure as its configuration file allows. An unconfigured/misconfigured SSH server can be vulnerable to hackers and third-party access too.
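One way to check the two lines this guide adds (`AuthenticationMethods publickey,keyboard-interactive` and `auth required pam_google_authenticator.so`), as an added example that is not part of the original article. The function names are hypothetical, the file paths are passed as arguments, and the PAM check assumes the common-auth line has the form `@include common-auth`; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Print the effective global value of an sshd_config keyword: keywords are
# case-insensitive, the first value wins, and anything below a Match line
# applies only to that block, so parsing stops there.
sshd_global_value() {   # usage: sshd_global_value <sshd_config> <keyword>
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed only if an active "auth required pam_google_authenticator.so" line
# comes after "@include common-auth" (assumed form of the common-auth line).
pam_totp_after_common_auth() {   # usage: pam_totp_after_common_auth <pam file>
    awk '
        /^[ \t]*#/ { next }
        $1 == "@include" && $2 == "common-auth" { seen = NR }
        $1 == "auth" && $2 == "required" && $3 == "pam_google_authenticator.so" { ga = NR }
        END { exit !(seen && ga > seen) }
    ' "$1"
}

audit_ssh_2fa() {   # usage: audit_ssh_2fa <sshd_config> <pam file>
    rc=0
    methods=$(sshd_global_value "$1" AuthenticationMethods)
    if [ "$methods" = "publickey,keyboard-interactive" ]; then
        echo "OK   AuthenticationMethods $methods"
    else
        echo "FAIL global AuthenticationMethods is '${methods:-unset}'"; rc=1
    fi
    if pam_totp_after_common_auth "$2"; then
        echo "OK   pam_google_authenticator.so follows common-auth"
    else
        echo "FAIL no active pam_google_authenticator.so line after common-auth"; rc=1
    fi
    return $rc
}

# Constructed sample: the line was added "at the bottom" but below a Match
# block, so it is not global and the audit reports FAIL.
demo=$(mktemp -d)
printf '%s\n' 'UsePAM yes' 'Match User backup' \
    'AuthenticationMethods publickey,keyboard-interactive' > "$demo/sshd_config"
printf '%s\n' '@include common-auth' \
    'auth required pam_google_authenticator.so' > "$demo/pam_sshd"
audit_ssh_2fa "$demo/sshd_config" "$demo/pam_sshd" || echo "audit failed, as expected for this sample"
```

On a live server, `sudo sshd -T` prints the effective configuration, including files pulled in by `Include`, which this example does not follow.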