Using Google 2-factor authentication on Linux or FreeBSD

HowToGeek posted a great explanation (with screenshots) of how to use Google's two-factor authentication on a Linux system.

How to Secure SSH with Google Authenticator's Two-Factor Authentication

If you use FreeBSD there are packages that install the same PAM module:

portinstall -P security/pamgoogleauthenticator

Some nice features:

  • It is time dependent. Does not rely on Google servers. You don't have to set up a server either.
  • There are iPhone and Android apps. Both are open source so you can independently verify their security.
  • It is a PAM module, so it works with everything. It is also open source, thus can be independently verified.
  • When you configure a user it prints a URL to a QR code that you can visit with your phone; no need to manually enter the key.
  • When you configure a user it prints 5 "emergency scratch codes". Print them, keep them in your wallet. If you lose your phone you can log in with those.
  • The "google-authenticator" utility is easy to integrate into installation scripts. It has a non-interactive mode ("-f").

Enjoy!

Posted by Tom Limoncelli

No TrackBacks

TrackBack URL: http://everythingsysadmin.com/cgi-bin/mt-tb.cgi/1471

Leave a comment