2fa

Differences

This shows you the differences between two versions of the page.

2fa [2024/05/03 18:21] – changed to "it means that only 2FA authentication is operating" hogwild
2fa [2024/05/03 18:40] (current) hogwild
Line 11: Line 11:
  \\  \\
  
-Prerequisite: Install/setup entware. This is not covered here. <Link?> \\+Prerequisite: Install/setup entware if it's not already installed. This is not covered here. <Link?> \\
  
- \\ First, install openssh-server and google-authenticator:+ \\ Next, install openssh-server and google-authenticator:
  
     opkg install openssh-server-pam google-authenticator-libpam     opkg install openssh-server-pam google-authenticator-libpam
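Review bot: The prerequisite line still carries the "<Link?>" placeholder after this edit, so readers are told Entware setup is not covered here and are given nowhere to go. Either link the Entware installation page or drop the placeholder before publishing. The lead-in also says "install openssh-server" while the command installs openssh-server-pam; naming the PAM package in the sentence would avoid readers installing the wrong one.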
Line 54: Line 54:
 The new service must be enabled at boot time as well: The new service must be enabled at boot time as well:
  
-/opt/etc/ssh/sshd_config (most likely only what's changed from the default)+ \\ 
 + 
 +Next, run /opt/etc/ssh/sshd_config and change the following from the defaults:
  
     Port 2222 # to be changed if desired     Port 2222 # to be changed if desired
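Review bot: The added sentence says "run /opt/etc/ssh/sshd_config", but that path is a configuration file (the Port and HostKey directives that follow are its contents), not something to execute. Suggest "Next, edit /opt/etc/ssh/sshd_config and change the following from the defaults:". The unchanged sentence just above ends in a colon ("must be enabled at boot time as well:") and is now followed only by a line break, so it is worth checking that the command it introduces is still present.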
Line 65: Line 67:
     HostKey /opt/etc/ssh/ssh_host_rsa_key     HostKey /opt/etc/ssh/ssh_host_rsa_key
     HostKey /opt/etc/ssh/ssh_host_ed25519_key     HostKey /opt/etc/ssh/ssh_host_ed25519_key
 +
 + \\
  
 grep -v "#" /opt/etc/pam.d/sshd grep -v "#" /opt/etc/pam.d/sshd
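Review bot: The grep -v "#" /opt/etc/pam.d/sshd line that follows the added break is still a bare, unindented line with no introduction, unlike the indented code lines above it. The break now separates it from the sshd_config block, but nothing tells the reader the text has moved on to the PAM file; add a sentence saying what this command is meant to show and indent it as code.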
Line 98: Line 102:
  \\  \\
  
-Next, move its config file (.google_authenciator) to the /opt/etc directory:+Next, move its config file (.google_authenticator) to the /opt/etc directory:
  
     mv .google_authenticator /opt/etc/     mv .google_authenticator /opt/etc/
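Review bot: The mv command uses the relative path ".google_authenticator", which only works if the reader is still in the directory where the file was generated; the sentence above it should name that directory or the command should use a full source path. Since this file holds the 2FA secret, the step should also state that it must stay readable only by its owner after the move.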
Line 116: Line 120:
  \\  \\
  
-Next, test it from the LAN side:+Next, test the configuration from the LAN side by typing the following at the command prompt:
  
-    ssh -p 2222 root@<lan-ip-of-tomato-router>+    ssh -p 2222 root@<lan-ip-of-freshtomato-router>
  
-You should see the following output:+You should see the following:
  
     The authenticity of host '[192.168.1.1]:2222 ([192.168.1.1]:2222)' can't be established.     The authenticity of host '[192.168.1.1]:2222 ([192.168.1.1]:2222)' can't be established.
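Review bot: "You should see the following" is only true on the first connection to this host and port; once the key is stored in known_hosts the authenticity prompt no longer appears and readers repeating the test may think something is wrong. Suggest "On the first connection you should see the following:".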
Line 129: Line 133:
  \\  \\
  
-Now, you should see the following:+After typing Yes, you should see the following:
  
     Keyboard-interactive authentication prompts from server:     Keyboard-interactive authentication prompts from server:
     | Verification code:     | Verification code:
  
-If you see this, it means that only 2FA authentication is operating.+If you see this, it means that 2FA is the only authentication operating.
  
  \\  \\
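Review bot: The closing sentence concludes that 2FA is the only authentication operating from the "Verification code:" prompt alone, but that prompt only shows the verification-code step is being asked for; it does not show that password or public-key logins are refused. Suggest either softening it to "it means the 2FA prompt is working" or adding a check, for example running the same command with ssh -v and reading the "Authentications that can continue" line. "After typing Yes" also has the reader accept the host key without comparing the fingerprint; the step could point to ssh-keygen -lf on the router's HostKey .pub file for the comparison.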
2fa.1714756880.txt.gz · Last modified: 2024/05/03 18:21 by hogwild