How to secure Ubuntu Server using Google Authenticator
Hello friends, today we are going to implement two-factor authentication on ubuntu. Two-factor authentication adds an extra layer of security. We are going to use google authenticator to implement two-factor authentication.
Before we start, once we have set this up, we will not be able to log into the account (or issue sudo commands) without a six-digit code from the authenticator. This also adds another step for us. Remember, however, this added step brings with it an extra layer of security we wouldn’t have otherwise.
First we are going to install google authenticator on our Ubuntu.
sudo apt-get install libpam-google-authenticator
After we install it we are going to configure our authenticator. Open /etc/pam.d/common-auth
sudo gedit /etc/pam.d/common-auth
Add a line auth required pam_google_authenticator.so
Now install google authenticator on your smartphone.
After configuring the authenticator we are going to setup google-authenticator. Now run command google-authenticator on terminal. When prompted select yes for time-based authentication. In time based authentication OTP will be valid for a particular period of time.
Now it will generate password and a QR-code. You can either create an account manually or simply scan the QR-code on your phone to setup your account.
Once you have created the account on your smartphone it will look something like this.
After creating the account on your smartphone, select yes to update google authenticator on terminal.
After updating it will ask multiple options to select the type of authentication you want. You can customize it according to your need.
Now we restart our system to check if the authenticator is working.
Now when we try to login it asks for verification code that will be available on your smartphone.
Author: Sayantan Bera is a technical writer at hacking articles and cyber security enthusiast. Contact Here