Jump to content
metin2dev
Ekstasia2
Sign in to follow this  
Ken

Two-Factor Authentication On FreeBSD

Recommended Posts

At first the people can say "what i do if i have loss my phone." You can't loss your phone if you are doing this. What ever

 

Everyone know this system as Google Authenticatior. This is not only for this.

  • Google
  • LastPass
  • Facebook
  • Dropbox & Spideroak
  • Microsoft
  • Yahoo! Mail
  • Amazon Web Services (AWS)
  • A few mmorpg is use this system for theirself games.
Step 1 :

 

- Install libqrencode. This lib provide see QR Code in your SSH terminal.

cd /usr/ports/graphics/libqrencode
make && make install
Step 2 :

 

- Install Google Authenticator.

cd /usr/ports/security/pam_google_authenticator
make && make install
Step 3 :

 

- Download Google Authenticator from Google Play and install that.

 

Step 4 :

 

Write this command in your ssh terminal. Write "y" for each question. You will see QR code. Take that QR Code via your android phone. Google Authenticator is show you that program in google play if you don't have Bardcode scanner. 

google-authenticator
Step 5 :

 

Write this command in your ssh terminal.

ee /etc/ssh/sshd_config
after find this :

#ChallengeResponseAuthentication yes
Change via this :

ChallengeResponseAuthentication yes
Step 6 :

 

Write this command in your ssh terminal again.

ee /etc/pam.d/sshd file
after add this :

auth     optional     /usr/local/lib/pam_google_authenticator.so
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Step 6.5 :

 

Follow this If you are not sure to loss your phone

 

Write this command in your ssh terminal again.

ee /etc/pam.d/sshd file
after add this

auth     requisite     /usr/local/lib/pam_google_authenticator.so
- What is change? 

 

Google authenticator give a few password (Step 2 end). Save them When you are trying to log in again, you should write the code from what google authenticator give for pwd.

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Step 7 :

 

Write this command in your ssh terminal.

service sshd reload
- How is work this system ?

 

Google authenticator is create new password in 5-10 seconds. They must know this if someone know your password. 

 

Screen from my server.

 

BsJHZiy.png?1

 

 

€dit 2:

 

If someone want to apply this theirself webpage, here a link for you

Kind Regards

Zerelth ~ Ellie

Edited by Zerelth™
  • Like 13

Share this post


Link to post
Share on other sites

It's not working for me...

I follow the guide, but when I try to open putty again it doesn't ask me for the code...

May be because I already have Authentication Key enabled?

EDIT: Solved

Besides this changes I also had to had this to sshd_config:

Match User username
    AuthenticationMethods publickey,keyboard-interactive

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×