Installing and using the Google Authenticator was pretty easy. I give credit to howtogeek.com for their straight forward instructions on using it. However, I wanted to change some things about their setup. You'll find my instructions to be similar to theirs, but with some important differences. This was done on Ubuntu 14.04.
Install the google auth pam module:
Now, this is where I diverge a little from the howtogeek version. Open up the /etc/pam.d/sshd file on your machine. Put this at the very top of the file:
As a reminder, google authenticator does NOT talk to google. It works based on a common secret key that the server and the phone share. And based on that key, and the time of day, it generates random numbers. So your server can recognize your phone with those random numbers. Please note however, that the secret key is stored in plain text on the server in /home/YourUserName/.google_authenticator. Anyone with root access can read that file, and use that key, so it is still imperative that you keep your ssh private key secure.
Install the google auth pam module:
sudo apt-get install libpam-google-authenticatorLogin as the user you will be using the authenticator with, and run the following command:
google-authenticatorSet up Google Authenticator on your phone using either the QR code it generates, or manually type it in.
Now, this is where I diverge a little from the howtogeek version. Open up the /etc/pam.d/sshd file on your machine. Put this at the very top of the file:
auth sufficient pam_access.so accessfile=/etc/security/access-local.conf auth sufficient pam_google_authenticator.soAnd then comment out the following line in the same file:
#@include common-authNow, open up your /etc/ssh/sshd_config file. Edit or add the following lines to be as follows:
ChallengeResponseAuthentication yes PubkeyAuthentication yes UsePAM yes AuthenticationMethods publickey,keyboard-interactive:pamLastly, create the file /etc/security/access-local.conf and edit it to your liking. IPs in here will bypass the google authenticator requirement. Mine looks like this:
# only allow from local IP range + : ALL : 192.168.1.2/32 + : ALL : LOCAL - : ALL : ALLRestart ssh, and you should be all set up.
sudo service ssh restartOk. So let's talk through what this does. sshd has now been configured to require two things to allow access. It will require public key auth, and it will ask pam to authorized you as well. Pam will first look at your IP address, and see if it matches anything in the /etc/security/access-local.conf file. If your IP address matches one of the ranges in that file with a + next to it, it will say that you are good, and let you in. If you don't match what's in that file, then it will ask you for your google authenticator code that you will need to get from your app on your phone. This is nice, because it allows you to have an extra layer of security for anyone trying to access your machine from a non-standard location, while from other locations, the authorization process is just an easy public key auth process.
As a reminder, google authenticator does NOT talk to google. It works based on a common secret key that the server and the phone share. And based on that key, and the time of day, it generates random numbers. So your server can recognize your phone with those random numbers. Please note however, that the secret key is stored in plain text on the server in /home/YourUserName/.google_authenticator. Anyone with root access can read that file, and use that key, so it is still imperative that you keep your ssh private key secure.
Borgata Hotel Casino & Spa Opening in Atlantic City, NJ
ReplyDeleteBorgata Hotel Casino 상주 출장샵 & 양산 출장마사지 Spa will be the first to open 안동 출장마사지 in Atlantic 논산 출장안마 City when it opens next month. Located in Atlantic City's 제주 출장안마 Marina District, Borgata
With the fundamental technique, you need to} never break up 10's, 5's or four's, all the time break up 8's, and, in the different cases, break up towards an up card of 2 to 7, however not otherwise. Blackjack (also known as as|often recognized as} twenty-one or sometimes pontoon) certainly one of the|is among the|is probably certainly one of the} most popular on line casino card video games on the earth. The name blackjack comes from truth that|the fact that} when blackjack was first introduced in the 카지노사이트 united states it wasn't very popular, so casinos and gambling houses tried providing completely different bonus payoffs.
ReplyDelete