https://www.maketecheasier.com/setup-two-factor-authentication-ubuntu
Two-factor
authentication is a great answer to the many problems with traditional
passwords. It’s a great way to add an additional level of security to your accounts. Now you can apply two-factor authentication to your Linux desktop.
With Google Authenticator installed on your phone, it’s time to set it up on your Linux desktop. There’s a package that you need to install in order to integrate Linux’s existing authentication system with the Google Authenticator.
Now that you have everything in place, you can start configuring it all to work together. Open up the file at “/etc/pam.d/common-auth” with
Right above that line, add in this one:
Save that and close the file.
Every user on the computer will need to run the
After
you run the command, it will begin asking you questions about how you
want your authentication set up. The questions explain themselves fairly
thoroughly. For security reasons, the recommendation of this guide is to answer: yes, yes, no, no, yes. Of course, you can choose something else, if it’s a better fit for you.
After you answer all the questions, the script will present you with a series of codes and a key. The key is what you will use to set up the Google Authenticator app on Android. The “scratch codes” are one-time-use codes that you can use to access your computer if you don’t have your phone. Print or write those down. You can use the other code immediately, if you need to.
Open up your Android app and tap on “Begin.” Then, select “Enter a provided key.” Create a name for your account and type in the secret key that the Linux script provided.
You’ll even need the authenticator to use root privileges with sudo, too.
All of this amounts to much more security for your system, and that’s a good thing. Of course, you have to decide what the right balance is for you.
Install Google Authenticator on Android
To start, you’re going to need the Google Authenticator app for your Android device. It’s a simple app for generating authentication codes that correspond to linked devices.Install Google Authenticator on Linux
With Google Authenticator installed on your phone, it’s time to set it up on your Linux desktop. There’s a package that you need to install in order to integrate Linux’s existing authentication system with the Google Authenticator.
sudo apt install libpam-google-authenticator
Configure Linux
Now that you have everything in place, you can start configuring it all to work together. Open up the file at “/etc/pam.d/common-auth” with
sudo in your favorite text editor. Locate the line below.auth [success=1 default=ignore] pam_unix.so nullok_secure
auth required pam_google_authenticator.so
Every user on the computer will need to run the
google-authenticator
command. This will run you through the process of setting up the
authentication for the user. If you don’t do it, the user won’t be able
to log in. After you set up the first one, you can set up the others
with sudo su username.google-authenticator
After you answer all the questions, the script will present you with a series of codes and a key. The key is what you will use to set up the Google Authenticator app on Android. The “scratch codes” are one-time-use codes that you can use to access your computer if you don’t have your phone. Print or write those down. You can use the other code immediately, if you need to.
Configure Android
Open up your Android app and tap on “Begin.” Then, select “Enter a provided key.” Create a name for your account and type in the secret key that the Linux script provided.
The Results
After that you’ll need to open up the Google Authenticator app on Android and generate a code every time you’re asked to provide your password on Linux. Your Linux PC is more secure against password-based attacks. Take a look at what the login screen looks like with two-factor authentication enabled.You’ll even need the authenticator to use root privileges with sudo, too.
All of this amounts to much more security for your system, and that’s a good thing. Of course, you have to decide what the right balance is for you.
No comments:
Post a Comment