Google Authenticator is a TOTP (Time based One Time Password) PAM (Pluggable Authentication Module) which is supported and serviced by Google.
Questions tagged [google-authenticator]
64 questions
28
votes
3 answers
Trying to get SSH with public key (no password) + google authenticator working on Ubuntu 14.04.1
I'm using Ubuntu 14.04.1 (with OpenSSH 6.6 and libpam-google-authenticator 20130529-2).
I'm trying to set up SSH logins where the public key authenticates (without a password) and a user is prompted for a code from Google's…
JT.
- 383
- 1
- 3
- 6
11
votes
2 answers
How to enable 2-factor auth using Google Authenticator for .ovpn file based openVPN access?
I have an openVPN setup where the users do not have shell accounts on the Debian VM running openVPN. The articles I found while Googling all have instructions of setting up Google Authenticator for a classical *nix user (needing to execute the…
Animesh
- 249
- 1
- 2
- 9
8
votes
1 answer
ssh with passphrase, fallback to Google Authenticator
With the introduction of Google Authenticator and the ability to use it with ssh I was wondering if someone has gone through a sshd_config setup which would
first expect a key
if this fails, fall back to an authentication with Google…
WoJ
- 3,607
- 9
- 49
- 79
6
votes
1 answer
OpenVPN 2.4 + Google Authenticator = authentication failure
We have a corporate VPN server running OpenVPN 2.3 on an AWS instance with Ubuntu 16.04 Xenial. The server has been configured using an Ansible playbook.
I'm planning to upgrade to Ubuntu 18.04 Bionic, which also upgrades OpenVPN to version 2.4…
Vlad Nikiforov
- 453
- 6
- 15
6
votes
1 answer
How to set-up google-authenticator and set specific match rules to allow different login rules?
I'm trying to set Google-Authenticator (google 2 factor authentication).
The relevant files are:
[root@srv01 ~]# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_google_authenticator.so
auth required pam_sepermit.so
auth include …
Itai Ganot
- 10,644
- 29
- 93
- 146
6
votes
1 answer
Need help understanding PAM directives
I have the following directives in my /etc/pam.d/sshd file on a RHEL5 box and I'm a bit confused. These directives are there to make LDAP+RADIUS+OTP work. What I'm trying to do is tell pam not to check users UID < 499 for LDAP+RADIUS+OTP and also to…
Sidd
- 103
- 1
- 9
5
votes
2 answers
Public-Key -or- Password & Google Authenticator for SSH Login
I found an article (http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/) that explains how to configure OpenSSH to ask for a Google Authenticator code upon a successful login.
Is it possible to…
EduAlm
- 165
- 2
- 6
5
votes
2 answers
Google authenticator with Openldap or Fedora 389 Server or FreeIPA
After a little googling I could see some references of configuring Google Authenticator with Windows Active Directory, however, I could not see how I could do it on Linux/CentOS system.
What would be involved in setting up Google Authenticator on…
chandank
- 847
- 3
- 14
- 31
5
votes
2 answers
SSH public key authentication with google authenticator still asks for password
I'm trying to enable 2FA with ssh using libpam-google-authenticator. Not all users need authenticator enabled. Everybody uses ssh public keys, and nobody has a password. I'm running Debian buster, and I've also tried libpam-google-authenticator from…
Hamish Moffatt
- 201
- 2
- 11
4
votes
1 answer
SSH Google Authenticator Ignore/Whitelist ips
I installed google authenticator (two step verification), "libpam-google-authenticator" package, although it asks for a code for every single connection to SSH. I want to put localhost and my own ip whitelisted from google authenticator so I and…
PhysiOS
- 432
- 7
- 15
4
votes
2 answers
industry standards for using google-authenticator with linux users?
Would like to ask, particularly those who run large environments with lots of users, if there are any standardized- or industry-recommended ways to securely distribute the verification codes to remote users and/or force the user to rerun…
Michael Martinez
- 2,645
- 3
- 24
- 35
4
votes
2 answers
Google Authenticator PAM for specific users
My current sshd PAM config:
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session …
ceejayoz
- 32,910
- 7
- 82
- 106
3
votes
1 answer
Require SSH key + Google Authenticator for one account, SSH key only for another
I am trying to setup an SSH authentication structure, but I'm struggling with issues in /etc/ssh/sshd_config vs /etc/pam.d/sshd.
Requirements:
Accounts with root/sudo privileges
require public key authentication, followed immediately by
Google…
Yankee
- 131
- 6
2
votes
1 answer
Ubuntu-18.04 and libpam-google-authenticator not prompting for keyboard-interactive
On a new Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-1017-aws x86_64), I have installed Google Authenticator [1] and configured it in the following way
/etc/pam.d/sshd
#@include common-auth
...
auth required pam_google_authenticator.so…
Christian
- 796
- 3
- 13
- 31
2
votes
3 answers
Google-authenticator with openvpn - AUTH: Received control message: AUTH_FAILED
I'm trying to set up MFA with Google authenticator for my OpenVPN setup on Ubuntu 16.04. Now OpenVPN works fine until I bring Google Authenticator into the mix.
My server.conf file reads as follows:
port 1194
proto udp
dev tun
ca ca.crt
cert…
Arjun Balakrishnan
- 21
- 1
- 3