How to Enable 2 Factor authentication in Centos 7/RHEL 7 ?

CentOS is an Enterprise-class Linux Freeware Distribution which is used wordlwide. To avoide brut force attack on SSH, we can add 2 Factor authentication to increase its security. Their are multiple 2 factor authentication Centos Support, but for this tutorial we will be using google auth. 



First you need to install google authentication application in your mobile or in browser. 

Step 2:

Install epl repository in centos.

sudo yum install

Step 3:

Once the repository is installed, next step is to install google authenticator.

sudo yum install google-authenticator


Step 1:

Configure google authenticator, run below command


It will ask multiple questions, answer all question with 'yes', These questions are for security, it recomended to enable all security policies.

Step 2:

Configure SSH. To configure ssh open /etc/pam.d/sshd and add belwo line at bottom and save it.

auth required

There is an option to add nullok at the end of that line. This is an option if you have users who have yet to run the google-authenticator command and need to log into the server, via ssh. I prefer to not use that option and make sure everyone has run the command before configuring SSH to require 2FA.

Step 3:

Configure SSHD file. Open /etc/ssh/sshd_config  and replace below line

ChallengeResponseAuthentication no


ChallengeResponseAuthentication yes


Now restart sshd services and you are good to go.. 

systemctl restart sshd