FreshTomato Wiki

User Tools

Site Tools

Trace:
2fa

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
2fa [2024/10/28 14:45] – -Formatting hogwild2fa [2024/10/28 15:11] (current) – -Correct instructions for: "/opt/etc/ssh/sshd_config" changes hogwild
Line 1: Line 1:
 ====== Setting up 2FA for SSH using Google Authenticator ====== ====== Setting up 2FA for SSH using Google Authenticator ======
  
-This content was taken from the following forum thread: \\ [[wp>https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032|Tomato Forum: HOWTO - Set up 2FA openssh with google authenticator]]+This content was taken from a Tomato forum thread: [[https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032|HOWTO - Set up 2FA openssh with google authenticator]] .
  
- \\ These are simple configuration notes, and not intended to be a complete HOWTO.+These are simple configuration notes, and not intended to be a complete HOWTO. This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the "root" user is supported.\\   \\   \\ **Prerequisites:** Install/setup entware if it isn't already installed. This is not covered here.\\  \\
  
-This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the root user is supported.+Install openssh-server and google-authenticator:
  
  \\  \\
  
-Prerequisites: Install/setup entware if it isn't already installed. This is not covered here.\\ +    opkg install openssh-server-pam google-authenticator-libpam
- +
- \\ Next, install openssh-server and google-authenticator:+
  
  \\  \\
  
-    opkg install openssh-server-pam google-authenticator-libpam+If this completes without all dependencies, make sure to install any necessary ones.\\
  
-Hopefully, this will include all dependencies. \\+ \\  \\
  
- \\+Next, enable openssh-server . This is not covered here. 
 + 
 + \\ \\ Configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh:
  
  \\  \\
- 
-Next, enable openssh-server . This is not covered here.\\  \\ 
- 
-Configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh: \\  \\ 
  
     #!/bin/sh     #!/bin/sh
Line 54: Line 50:
  \\  \\
  
-The new service must be enabled at boot time as well:+The new service must be enabled at boot time as well. Make the following changes to the file: "/opt/etc/ssh/sshd_config:
  
  \\  \\
- 
-Next, run /opt/etc/ssh/sshd_config and change the following from the defaults: 
  
     Port 2222 # to be changed if desired     Port 2222 # to be changed if desired
Line 138: Line 132:
  \\  \\
  
- \\ + \\ Next, test the configuration from the LAN side by typing the following at the command prompt:
- +
-Next, test the configuration from the LAN side by typing the following at the command prompt:+
  
  \\  \\
Line 149: Line 141:
  
 You should see the following: You should see the following:
 +
 + \\
  
     The authenticity of host '[192.168.1.1]:2222 ([192.168.1.1]:2222)' can't be established.     The authenticity of host '[192.168.1.1]:2222 ([192.168.1.1]:2222)' can't be established.
Line 164: Line 158:
     | Verification code:     | Verification code:
  
- \\ + \\ If you see this, it means that 2FA is the only authentication operating. You can now expose port 2222 (or the port you configured) to the Internet.
- +
-If you see this, it means that 2FA is the only authentication operating. +
- +
- \\ +
- +
-You can now expose port 2222 (or the port you configured) to the Internet (not covered here).+
  
  \\  \\
2fa.1730126723.txt.gz · Last modified: 2024/10/28 14:45 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki