fruworg/fruworg.github.io
1
0
Fork 0
mirror of https://github.com/fruworg/fruworg.github.io.git synced 2024-09-28 13:30:33 +03:00
Code Issues Packages Projects Releases Wiki Activity
539a28446d
fruworg.github.io/content/posts/ssh-2fa-totp.md

53 lines
1.3 KiB
Markdown
Raw Normal View History

Committer: fruworg <im@fruw.org> On branch main Your branch is up to date with 'origin/main'. Changes to be committed: new file: .gitmodules new file: archetypes/default.md new file: config.toml new file: content/posts/ald-pro.md new file: content/posts/astra-fly.md new file: content/posts/astra-freeipa.md new file: content/posts/bareos-install.md new file: content/posts/cifs-automount.md new file: content/posts/create-user-keytab.md new file: content/posts/create-user-keytab.md.save new file: content/posts/dhcp-resolv.md new file: content/posts/github-ssh-auth.md new file: content/posts/ip-command.md new file: content/posts/linux-krb5.md new file: content/posts/linux-network.md new file: content/posts/linux-nfs.md.save new file: content/posts/linux-packages-rebuild.md new file: content/posts/lvm-base-commands.md new file: content/posts/pfx-to-pem.md new file: content/posts/pg-probackup-setup.md.save new file: content/posts/pg-probackup-setup.md.save.1 new file: content/posts/postgres-drop-db.md new file: content/posts/postgres-krb5.md new file: content/posts/postgres-ldaps.md new file: content/posts/postgres-pro-astra-se.md new file: content/posts/postgres-replication.md new file: content/posts/postgres-simple-backup.md new file: content/posts/postgres-tls.md new file: content/posts/reverse-shell-nc.md new file: content/posts/run-nologin.md new file: content/posts/security-solutions.md new file: content/posts/selfsigned-to-trusted.md new file: content/posts/ssh-2fa-totp.md new file: content/posts/ssh-auth-by-key.md new file: content/posts/ssh-fail2ban.md new file: content/posts/vmware-clipboard.md new file: content/posts/vmware-restart-date.md new file: content/posts/windows-disable-shutdown.md new file: static/0x952C15AB751A65F6 new file: static/favicon.ico new file: static/fruworg.png new file: themes/archie Changes not staged for commit: modified: themes/archie (modified content)
2023-07-26 18:55:24 +03:00
---
title: Двухфакторная аутентификация для SSH
description: 2fa, totp, google-authenticator
date: 2022-11-29T13:35:00+05:00
tags: [linux, ssh]
---
## Установка пакета
```shell
apt install -y openssh-server libpam-google-authenticator
```
## Правка конфига PAM
```shell
auth required pam_google_authenticator.so
# auth required pam_google_authenticator.so
```
## Правка конфига ssh
```shell
ChallengeResponseAuthentication yes
# /etc/ssh/sshd_config
```
## Конфигурация аутентификации
Следующая команда сконфигурирует TOTP.
Запускать команду следует от имени того пользователя,
к которому будет инициализированно подключение.
```shell
google-authenticator
```
## Управление факторами (необязательно)
Включить запрос ключа при аутентификации:
```shell
AuthenticationMethods publickey,password publickey,keyboard-interactive
# /etc/ssh/sshd_config
```
Отключить запрос пароля при аутентификации:
```shell
#@include common-auth
# /etc/pam.d/sshd
```
## Перезапуск сервиса ssh
```shell
systemctl restart ssh
```
Reference in New Issue Copy Permalink