How to install the Google 2FA command on AlmaLinux

How to install the Google 2FA command on AlmaLinux

How to install the Google 2FA command on AlmaLinux, Instructions to sign in with SSH 2FA

This is significant. You will need to test the login before you exit out of your present terminal window, in the event that something turned out badly. Open a second terminal on your neighborhood machine and SSH to the distant worker. You ought to be first provoked for a secret word (or SSH key secret word, on the off chance that you have SSH key validation set up) and for the 2FA code. In case you’re permitted in, achievement! If not, revisit and check your work.

The most effective method to introduce the google-authenticator order on AlmaLinux

To start with, we should introduce the google-authenticator order on AlmaLinux. This product is found in the EPEL storehouse, which must be first introduced with the order:

sudo dnf install epel-release -y

When the repo is empowered, introduce the product (and an instrument that will permit QR codes to be printed inside a terminal window) with the order:

sudo dnf install google-authenticator grencode-libs -y

Instructions to make an SSH key

You don’t really require an SSH key on the AlmaLinux worker, however, you will require the ~/.ssh catalog. You can make that physically, yet you’d need to ensure the consents are awesome, in any case, there will be issues. Thus, it’s ideal to simply allow SSH to deal with the production of that index.

To make an SSH key, issue the order:

ssh-keygen

Acknowledge the default area (~/.ssh) and make a secret word for the key.

Instructions to create the QR code for 2FA

To add AlmaLinux to your 2FA application, we need to run the google-authenticator order. Nonetheless, we will run it to such an extent that it dumps the essential record into the recently made ~/.ssh index. The order for this is:

google-authenticator – s ~/.ssh/google_authenticator

Try to answer y to every one of the inquiries. At the point when you see the QR code imprinted in the terminal window (you’ll likely need to grow your terminal window to see the whole code), try to add it with your authenticator application on your cell phone – how you do that will rely upon the application you use.

Since we’re putting away the google_authenticator document in a non-standard area, we need to reestablish the SELinux setting with the order:

sudo restorecon -Rv ~/.ssh/

Instructions to arrange SSH for 2FA

Since you have 2FA set up, you’ll need to design SSH to work with it. Open the SSH daemon setup record with the order:

sudo nano /etc/pam.d/sshd

At the lower part of that record, add the accompanying two lines:

auth       required     pam_google_authenticator.so secret=/home/${USER}/.ssh/google_authenticator nullok 
auth       required     pam_permit.so

Open the SSH config record with the order:

sudo nano /etc/ssh/sshd_config

Look at the two lines:

#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

Change to lines to:

ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no

Save and close the document. Restart the SSH daemon with the order:

sudo systemctl restart sshd