How to install Google OTP on Centos 7 use SSH

 

Step1. Prepare to install Google OTP

yum install pam-devel gcc autoconf automake libtool

 

Step2. Install Google OTP by yum

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install google-authenticator

 

Step3. Pam configuration

#%PAM-1.0
auth       required     pam_google_authenticator.so nullok 
auth       required     pam_sepermit.so

Step4. SSH Configuration

sed -i '/#%PAM/a auth\ \ \ \ \ \ \ required\ \ \ \ \ pam_google_authenticator.so' /etc/pam.d/sshd
sed -i 's/#ChallengeResponseAuthentication\ yes/ChallengeResponseAuthentication\ yes/g' /etc/ssh/sshd_config
sed -i 's/ChallengeResponseAuthentication\ no/#ChallengeResponseAuthentication\ no/g' /etc/ssh/sshd_config
systemctl reload sshd
systemctl enable sshd

TroubleShooting

check ssh logon log

tail/cat /var/log/secure

 

check Pam configuration

vi /etc/pam.d/sshd

The default path of the google authenticator configuration file is $ {HOME} / google_authenticator, but if it is saved in this path, SELinux will block it.

 

Check the server time and synchronize with the time server with the following command.

ntpdate -q pool.ntp.org

 

How to install Google OTP on Centos 7 use SSH

How to install Google OTP on Centos 7 use SSH

 

Facebook Comments

Leave A Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.