SSH Security – In this video lecture, I will show you all how to secure your SSH service in the latest version of Ubuntu 22.04.3 LTS with Google Two-Factor Authentication.
Secure your Linux system logins by installing and activating a two-factor authentication tool called Google Authenticator PAM module, PAM is a pluggable authentication module, by implementing a PAM module we can add custom authentication methods or others for users on Ubuntu 22.04 LTS Jammy Méduse.
Although by default you can protect your SSH connection with an account username and password or with SSH key login methods, here we are going to add an extra layer of protection, we can use 2FA or a method two-factor authentication. This ensures that without providing an additional security code, the user will not be able to log in.
Install and configure Google Authenticator
# apt install libpam-google-authenticator -y
# google-authenticator (generate security key and copy QR code URL)
# cp /etc/pam.d/sshd /etc/pam.d/sshd.bak (save the file first)
# nano /etc/pam.d/sshd (@after including common auth, add the following line)
authentication required pam_google_authenticator.so
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# nano /etc/ssh/sshd_config (edit file)
Change two options
KbdInteractiveAuthentication yes
Use PAM yes
Restart the SSH service
# sudo systemctl restart sshd.service
Connect to SSH and test 2FA
Please take the opportunity to connect and share this video with your friends and family if you find it useful.
No Comments