Jump to content

Two-Factor Authentication On FreeBSD


Recommended Posts

  • Bronze

At first the people can say "what i do if i have loss my phone." You can't loss your phone if you are doing this. What ever

 

Everyone know this system as Google Authenticatior. This is not only for this.

  • Google
  • LastPass
  • Facebook
  • Dropbox & Spideroak
  • Microsoft
  • Yahoo! Mail
  • Amazon Web Services (AWS)
  • A few mmorpg is use this system for theirself games.
Step 1 :

 

- Install libqrencode. This lib provide see QR Code in your SSH terminal.

cd /usr/ports/graphics/libqrencode
make && make install
Step 2 :

 

- Install Google Authenticator.

cd /usr/ports/security/pam_google_authenticator
make && make install
Step 3 :

 

- Download Google Authenticator from Google Play and install that.

 

Step 4 :

 

Write this command in your ssh terminal. Write "y" for each question. You will see QR code. Take that QR Code via your android phone. Google Authenticator is show you that program in google play if you don't have Bardcode scanner. 

google-authenticator
Step 5 :

 

Write this command in your ssh terminal.

ee /etc/ssh/sshd_config
after find this :

#ChallengeResponseAuthentication yes
Change via this :

ChallengeResponseAuthentication yes
Step 6 :

 

Write this command in your ssh terminal again.

ee /etc/pam.d/sshd file
after add this :

auth     optional     /usr/local/lib/pam_google_authenticator.so
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Step 6.5 :

 

Follow this If you are not sure to loss your phone

 

Write this command in your ssh terminal again.

ee /etc/pam.d/sshd file
after add this

auth     requisite     /usr/local/lib/pam_google_authenticator.so
- What is change? 

 

Google authenticator give a few password (Step 2 end). Save them When you are trying to log in again, you should write the code from what google authenticator give for pwd.

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Step 7 :

 

Write this command in your ssh terminal.

service sshd reload
- How is work this system ?

 

Google authenticator is create new password in 5-10 seconds. They must know this if someone know your password. 

 

Screen from my server.

 

BsJHZiy.png?1

 

 

€dit 2:

 

If someone want to apply this theirself webpage, here a link for you

Kind Regards

Zerelth ~ Ellie

Edited by Metin2 Dev
Core X - External 2 Internal
  • Metin2 Dev 5
  • Love 14

Do not be sorry, be better.

Link to comment
Share on other sites

  • 1 year later...
  • 2 years later...
  • Management

It's not working for me...

I follow the guide, but when I try to open putty again it doesn't ask me for the code...

May be because I already have Authentication Key enabled?

EDIT: Solved

Besides this changes I also had to had this to sshd_config:

Match User username
    AuthenticationMethods publickey,keyboard-interactive

 

raw

raw

Link to comment
Share on other sites

Announcements



×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.