If you’ve ever signed up for a Google, GitHub, or Twitter account then you’ve likely come across two-factor authentication. Adding two-factor logins to SSH then seems like a no-brainer. It provides a much-needed extra security layer on an otherwise very vulnerable port of entry to your server. By serverauth.com.
Two-factor authentication is a fairly simple concept. A user tries to log in, and even if they enter the correct details, they are then asked to confirm a unique one-time code, often presented in an app or sent to them via SMS.
The article describes the following steps to secure your server:
- Two-factor for SSH
- Adding Authenticator to your server (Debian, Ubuntu, CentOS, RedHat)
- Configuration
- Enabling SSH 2FA
- Restart SSH & Test
You will also get an explanation of how to allow a slight delay between tokens, so they don’t expire at exactly 30 seconds. This is handy when times may not be 100% accurate, so it is worth enabling. You probably also want to enable rate-limiting. This prevents attackers from attempting to crack entry by brute force, so it should be enabled. Straightforward and very useful!
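To show what those two settings do on the verifying side, here is an added example (not code from the linked article or from any authenticator package) that checks RFC 6238 time-based codes with a tolerance window and a rate limit. The names `Verifier`, `window` and `MAX_ATTEMPTS`, the limit of 3 tries per 30 seconds, and the timestamps are assumptions made for the illustration; the secret is the public RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from collections import deque

STEP = 30         # seconds a token is valid for, as stated in the text
MAX_ATTEMPTS = 3  # assumption: tries allowed per STEP seconds before lockout
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real secret

def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Checks codes for one account with clock-skew tolerance and rate limiting."""
    def __init__(self, secret_b32, window=1):
        self.secret = secret_b32
        self.window = window      # steps accepted either side of "now"
        self.attempts = deque()   # timestamps of recent tries
        self.used = set()         # steps whose code was already accepted

    def check(self, code, now):
        while self.attempts and now - self.attempts[0] >= STEP:
            self.attempts.popleft()          # forget tries older than STEP
        if len(self.attempts) >= MAX_ATTEMPTS:
            return "rate-limited"            # guessing stalls here
        self.attempts.append(now)
        for drift in range(-self.window, self.window + 1):
            t = now + drift * STEP
            if hmac.compare_digest(totp(self.secret, t).encode(), code.encode()):
                step = int(t) // STEP
                if step in self.used:
                    return "replayed"        # a one-time code works once
                self.used.add(step)
                return "ok"
        return "bad-code"

if __name__ == "__main__":
    server_now = 1111111125                          # constructed timestamp
    late_code = totp(DEMO_SECRET, server_now - 20)   # client clock 20 s behind
    print(Verifier(DEMO_SECRET, window=0).check(late_code, server_now))
    print(Verifier(DEMO_SECRET, window=1).check(late_code, server_now))
```

A wider window tolerates more clock drift but also lengthens the time a captured code stays usable, which is why it is paired with the attempt limit and the single-use check.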