In this lab, we are required to configure SSH to work with Google Authenticator. The server is configured so that it asks only for a password; that needs to be changed after the first use. Our job is to add the additional authentication step. First, we need to install and initialize Google Authenticator. Then, we need to configure SSH to use the authenticator. When everything is set up, verify that the configuration is valid.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure Key-Based Login
Generate Private/Public Key Pair on the Client
ssh-keygen
Copy the Public Key Over to the Server
- From client:
/Path/to/your/public/key/file
- To server:
/home/cloud_user/.ssh/authorized_keys
- SSH Configuration
sudo vim /etc/ssh/sshd_config
PubkeyAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
ESC :wq ENTER
- Configure the Repository, Then Install and Initialize the Google Authenticator
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Install Google Authenticator
sudo yum install google-authenticator
Initialize Google Authenticator
sudo google-authenticator
- Further SSH Configuration
sudo vim /etc/pam.d/sshd
auth required pam_google_authenticator.so
sudo systemctl restart sshd
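
One way to do the verification step offline, as an added example that is not part of the original lab: a script that reads an sshd_config and a PAM file and reports any of the settings above that are missing or overridden. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline check of the settings this lab changes.

# first_value FILE KEYWORD: value of the first uncommented KEYWORD line
# (sshd keeps the first value it reads; keywords are case-insensitive).
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# expect FILE KEYWORD WANTED: return 0 on match, else print a finding and return 1.
expect() {
    got=$(first_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '${got:-unset}', expected '$3'"
    return 1
}

# pam_has_totp FILE: return 0 if an active line reads
# "auth required pam_google_authenticator.so".
pam_has_totp() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "auth" && $2 == "required" && $3 == "pam_google_authenticator.so" { found = 1 }
        END { exit !found }
    ' "$1"
}

# check_mfa SSHD_CONFIG PAM_FILE: return 0 only when every lab setting is present.
check_mfa() {
    rc=0
    expect "$1" PubkeyAuthentication yes || rc=1
    expect "$1" PasswordAuthentication no || rc=1
    expect "$1" AuthenticationMethods publickey,keyboard-interactive || rc=1
    pam_has_totp "$2" || { echo "FAIL: pam_google_authenticator.so not active in $2"; rc=1; }
    return "$rc"
}

# Constructed sample: PasswordAuthentication was left at "yes" by mistake.
sample=$(mktemp -d)
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication yes' \
    'AuthenticationMethods publickey,keyboard-interactive' > "$sample/sshd_config"
printf '%s\n' '#%PAM-1.0' 'auth required pam_google_authenticator.so' > "$sample/sshd"
check_mfa "$sample/sshd_config" "$sample/sshd" || echo "sample config needs fixing"
rm -rf "$sample"
```

On the server, call check_mfa with /etc/ssh/sshd_config and /etc/pam.d/sshd, and run `sudo sshd -t` for a syntax check before restarting sshd.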