Differences

This shows you the differences between two versions of the page.

--- 2fa [2023/09/14 09:48] – created rs232
+++ 2fa [2024/05/03 17:33] – -formatting hogwild
@@ Line 1: / Line 1: @@
-===== Setting up 2FA for SSH using GoogleAuthenticator =====
+====== Setting up 2FA for SSH using GoogleAuthenticator ======
-[FIXME] - Currently just a drop from the thread where this was posted: https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032
+This is content taken from the following forum thread: \\ [[https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032]]
-for openssh with google-authenticator as 2FA (root user only)
+These are simple configuration notes and are not intended to be a complete HOWTO.
-so this is not a full how-to just my overly simplified notes and configs
+This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the root user is supported.
-the prerequisites :
+ \\
-- setup entware (not covered here)
+Prerequisites : Install/setup entware. This is not covered here. <Link?> \\
+ \\ First, we must install openssh-server and google-authenticator:
     opkg install openssh-server-pam google-authenticator-libpam
-(hopefully this should cover all the dependencies)
+Hopefully this will cover all dependencies. \\
-- enable openssh server (not covered here)
+ \\
-now the configs:
+Next, we need to enable openssh-server . This is not covered here. <Link?> \\  \\
-/opt/etc/init.d/S39pre_ssh
+Now we configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh : \\  \\
     #!/bin/sh
@@ Line 44: / Line 48: @@
     exit 0
-this new service needs to be enabled at boot-time as well
+ \\
-/opt/etc/ssh/sshd_config (only what's changed from the default - I believe)
+The new service must be enabled at boot time as well:
+/opt/etc/ssh/sshd_config (most likely only what's changed from the default)
     Port 2222 # to be changed if desired
@@ Line 57: / Line 63: @@
     HostKey /opt/etc/ssh/ssh_host_rsa_key
     HostKey /opt/etc/ssh/ssh_host_ed25519_key
 grep -v "#" /opt/etc/pam.d/sshd
@@ Line 68: / Line 73: @@
     account required pam_nologin.so
     account include common-account
@@ Line 79: / Line 83: @@
     session required pam_limits.so
     password include common-password
 now run the google-auth setup and it will guide you on the steps:
@@ Line 88: / Line 90: @@
     google-authenticator
-make sure you register the TOTP code or load into an app like AndOTP
+make sure you register the TOTP code or load into an app like AndOTP now it's time to move its config file to /opt/etc
-now it's time to move its config file to /opt/etc
     mv .google_authenticator /opt/etc/
@@ Line 96: / Line 97: @@
     chmod 0600 /opt/etc/.google_authenticator
 now if memory serves me well you can start the sshd service:
@@ Line 125: / Line 125: @@
 PS - /opt/etc/environment is the default - only comments - so nothing to change - maybe a "touch /etc/environment" should have been enough

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools