Using Google Authenticator to Set Up Two Factor Authentication for Linux

mlnews

Security is a big deal and with Google Authenticator you can get free, two factor authentication on Linux desktops and servers.

Alex Sage

This guide is complete rubbish . DO NOT FOLLOW IT.

Alex Sage

This post is deleted!

DustinB3403

This at all doesn't seem like a bad thing, especially if you're doing this on your own personal systems. Doing this in an organization seems like a crazy step to implement.

Also what happens if you're phone dies, how do you update the authentication device?

Dashrender

@DustinB3403 said in Using Google Authenticator to Set Up Two Factor Authentication for Linux:

This at all doesn't seem like a bad thing, especially if you're doing this on your own personal systems. Doing this in an organization seems like a crazy step to implement.

Also what happens if you're phone dies, how do you update the authentication device?

I would hope there would be more than one person setup, or perhaps Root doesn't require two factor - but only works on the console.

DustinB3403

@Dashrender said in Using Google Authenticator to Set Up Two Factor Authentication for Linux:

@DustinB3403 said in Using Google Authenticator to Set Up Two Factor Authentication for Linux:

This at all doesn't seem like a bad thing, especially if you're doing this on your own personal systems. Doing this in an organization seems like a crazy step to implement.

Also what happens if you're phone dies, how do you update the authentication device?

I would hope there would be more than one person setup, or perhaps Root doesn't require two factor - but only works on the console.

"hope" being the key word there.

Deleted74295

@aaronstuder said in Using Google Authenticator to Set Up Two Factor Authentication for Linux:

This guide is complete rubbish . DO NOT FOLLOW IT.

Can you qualify your statement?

stacksofplates

@DustinB3403 said in Using Google Authenticator to Set Up Two Factor Authentication for Linux:

This at all doesn't seem like a bad thing, especially if you're doing this on your own personal systems. Doing this in an organization seems like a crazy step to implement.

Also what happens if you're phone dies, how do you update the authentication device?

There is a hidden file in the root account with the one time use codes and the key for the app. Local console access doesn't require 2FA, only SSH.

If you set it up in PAM correctly that is, I didn't read through this guide. I did one a while ago on here with steps for everything, and doing it that way only requires 2FA codes with SSH, not local console access.