02 Sep Google Authenticator Two-Factor Authentication on CentOS 7
if you are using vas services or some important site/data and you think that’s secure. then you are thinking wrong because there are too many people on the internet that wants all valuable and important data to collect and after that remove from there path. Then you got the message like “we have a backup of all your files if you want that then contact me on this and this or demanding money” so we have to secure our data as much as possible.
one more thing, if someone knows your VPS server port and trying to login again and again.
Then what you will do?
Obeacially you will change the port of ssh. (is that the solution think)
we have to add on a more secure method for login on the VPS server that’s named as two-factor authentication. How we will add that. its very simple just copies my commands and you will able to add google two-factor authentication.
First of all, we will install the open-source Google Authenticator PAM module by executing the following command on the shell.
yum install google-authenticator
This command will install Google authenticator on your Centos 7 Server. The next step is to get the verification code. It’s a very simple command to get the verification code and scratch codes by just answering simple questions of the server which he will ask you. You can do that step by running the following command:
“When you run this command it asks you Question: type “y” for all. for the first Question, it will show you the links and a QR code you have to copy that and save that”
You will get an output like the following screenshot which is being displayed to help you step by step as this step is very important and crucial. Write down the emergency scratch codes somewhere safe, they can only be used one time each, and they’re intended for use if you lose your phone.
Now download the Google authenticator application on your Mobile phone, the app exists for Android and iPhone. Well, I have Android so I will download it from Google Play Store where I searched it out just by typing “google-authenticator”.
The next step is to change some files which we will start by first changing /etc/pam.d/sshd. Add the following line to the bottom of the line:
auth required pam_google_authenticator.so
Change the next file which is /etc/ssh/sshd_config. Add the following line in the file and if it’s already placed then change the parameter to “yes”:
Now restart the service of ssh by the following command:
service sshd restart
The last step is to test the service by connecting with SSH to the server to see if it will require verification code.
on chrome to set verification code you have to add chrome extension name as google authenticator or click here to add.
after that open it and scan that QR code, you will get verification code.
every time on chrome.
if any issue occurs comment here or you can join my facebook page and ask me there.