This shows you the differences between two versions of the page.
2fa [2024/05/03 18:09] – -formatting, condense hogwild | 2fa [2024/05/03 18:40] (current) – hogwild | ||
---|---|---|---|
Line 11: | Line 11: | ||
\\ | \\ | ||
- | Prerequisite: | + | Prerequisite: |
- | | + | |
opkg install openssh-server-pam google-authenticator-libpam | opkg install openssh-server-pam google-authenticator-libpam | ||
Line 54: | Line 54: | ||
The new service must be enabled at boot time as well: | The new service must be enabled at boot time as well: | ||
- | / | + | \\ |
+ | |||
+ | Next, run / | ||
Port 2222 # to be changed if desired | Port 2222 # to be changed if desired | ||
Line 65: | Line 67: | ||
HostKey / | HostKey / | ||
HostKey / | HostKey / | ||
+ | |||
+ | \\ | ||
grep -v "#" | grep -v "#" | ||
Line 90: | Line 94: | ||
\\ | \\ | ||
- | Now, run the google-auth setup and go through | + | Now, run google-auth setup and follow |
google-authenticator | google-authenticator | ||
Line 98: | Line 102: | ||
\\ | \\ | ||
- | Now, move its config file to the /opt/etc directory: | + | Next, move its config file (.google_authenticator) |
mv .google_authenticator /opt/etc/ | mv .google_authenticator /opt/etc/ | ||
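Review bot: the mv command under the reworded "Next, move its config file (.google_authenticator)" sentence takes a relative source path, so it only succeeds when the current directory is the one where google-authenticator wrote the file. Suggest writing the source as ~/.google_authenticator, or stating the required working directory in the sentence.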
Line 104: | Line 108: | ||
\\ | \\ | ||
- | Verify the permissions on the file are 0600 . This is very important. | + | Next, Verify the permissions on the file are 0600 . This is very important. |
chmod 0600 / | chmod 0600 / | ||
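Review bot: in the new wording "Next, Verify the permissions on the file are 0600 ." the word "Verify" should be lower case after the comma, and there is a stray space before the full stop. The command that follows is chmod 0600, which sets the mode rather than verifying it, so "Next, set the permissions on the file to 0600." would match what the reader actually runs. "This is very important." would also be more useful with the reason attached in the same sentence.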
Line 110: | Line 114: | ||
\\ | \\ | ||
- | Now you should be able to start the sshd service: | + | Now, you should be able to start the sshd service: |
/ | / | ||
Line 116: | Line 120: | ||
\\ | \\ | ||
- | Now, test it from the LAN side: | + | Next, test the configuration |
- | ssh -p 2222 root@< | + | ssh -p 2222 root@< |
- | The following text should | + | You should |
The authenticity of host ' | The authenticity of host ' | ||
Line 129: | Line 133: | ||
\\ | \\ | ||
- | Now, you should see the following: | + | After typing Yes, you should see the following: |
Keyboard-interactive authentication prompts from server: | Keyboard-interactive authentication prompts from server: | ||
| Verification code: | | Verification code: | ||
- | If you see this, it means that only 2FA authentication | + | If you see this, it means that 2FA is the only authentication operating. |
\\ | \\ | ||
- | You can now expose port 2222 (or the port you configured) to the Iinternet | + | You can now expose port 2222 (or the port you configured) to the Internet |
\\ | \\ |
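Review bot: the new sentence "If you see this, it means that 2FA is the only authentication operating." does not match the prompt shown above it, which asks only for "Verification code:". If that is the only prompt, the login rests on a single factor (the code), not two, and the next line goes on to say port 2222 can be exposed to the Internet. Suggest stating explicitly whether a password or key is also required alongside the verification code, and rewording the sentence to describe what the prompt actually confirms.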