How to Enable 2 Factor authentication in Centos 7/RHEL 7 ?
CentOS is an Enterprise-class Linux Freeware Distribution which is used wordlwide. To avoide brut force attack on SSH, we can add 2 Factor authentication to increase its security. Their are multiple 2 factor authentication Centos Support, but for this tutorial we will be using google auth.
First you need to install google authentication application in your mobile or in browser.
Install epl repository in centos.
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Once the repository is installed, next step is to install google authenticator.
sudo yum install google-authenticator
Configure google authenticator, run below command
It will ask multiple questions, answer all question with 'yes', These questions are for security, it recomended to enable all security policies.
Configure SSH. To configure ssh open /etc/pam.d/sshd and add belwo line at bottom and save it.
auth required pam_google_authenticator.so
There is an option to add nullok at the end of that line. This is an option if you have users who have yet to run the google-authenticator command and need to log into the server, via ssh. I prefer to not use that option and make sure everyone has run the command before configuring SSH to require 2FA.
Configure SSHD file. Open /etc/ssh/sshd_config and replace below line
Now restart sshd services and you are good to go..
systemctl restart sshd