User Tools
2fa
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| 2fa [2024/10/28 14:49] – -Formatting hogwild | 2fa [2024/10/28 15:11] (current) – -Correct instructions for: "/opt/etc/ssh/sshd_config" changes hogwild | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Setting up 2FA for SSH using Google Authenticator ====== | ====== Setting up 2FA for SSH using Google Authenticator ====== | ||
| - | This content was taken from the following | + | This content was taken from a Tomato |
| - | These are simple configuration notes, and not intended to be a complete HOWTO. | + | These are simple configuration notes, and not intended to be a complete HOWTO. |
| - | This setup uses openssh | + | Install |
| \\ | \\ | ||
| - | Prerequisites: | + | opkg install openssh-server-pam google-authenticator-libpam |
| - | | + | \\ |
| - | opkg install | + | If this completes without all dependencies, |
| - | Hopefully, this will include all dependencies. If not, make sure to install any dependencies.\\ | + | |
| - | \\ | + | Next, enable openssh-server . This is not covered here. |
| + | |||
| + | \\ \\ Configure the correct settings in configuration file / | ||
| \\ | \\ | ||
| - | |||
| - | Next, enable openssh-server . This is not covered here.\\ | ||
| - | |||
| - | Configure the correct settings in configuration file / | ||
| #!/bin/sh | #!/bin/sh | ||
| Line 52: | Line 50: | ||
| \\ | \\ | ||
| - | The new service must be enabled at boot time as well: | + | The new service must be enabled at boot time as well. Make the following changes to the file: "/ |
| - | + | ||
| - | \\ | + | |
| - | + | ||
| - | Next, run / | + | |
| \\ | \\ | ||
| Line 101: | Line 95: | ||
| Now, run google-auth setup and follow the steps: | Now, run google-auth setup and follow the steps: | ||
| + | |||
| + | \\ | ||
| google-authenticator | google-authenticator | ||
| Line 113: | Line 109: | ||
| Next, move its config file (.google_authenticator) to the /opt/etc directory: | Next, move its config file (.google_authenticator) to the /opt/etc directory: | ||
| + | |||
| + | \\ | ||
| mv .google_authenticator /opt/etc/ | mv .google_authenticator /opt/etc/ | ||
| Line 119: | Line 117: | ||
| Next, Verify the permissions on the file are " | Next, Verify the permissions on the file are " | ||
| + | |||
| + | \\ | ||
| chmod 0600 / | chmod 0600 / | ||
| Line 125: | Line 125: | ||
| Now, you should be able to start the sshd service: | Now, you should be able to start the sshd service: | ||
| + | |||
| + | \\ | ||
| / | / | ||
| Line 131: | Line 133: | ||
| \\ Next, test the configuration from the LAN side by typing the following at the command prompt: | \\ Next, test the configuration from the LAN side by typing the following at the command prompt: | ||
| + | |||
| + | \\ | ||
| ssh -p 2222 root@< | ssh -p 2222 root@< | ||
| Line 148: | Line 152: | ||
| After typing Yes, you should see the following: | After typing Yes, you should see the following: | ||
| + | |||
| + | \\ | ||
| Keyboard-interactive authentication prompts from server: | Keyboard-interactive authentication prompts from server: | ||
| | Verification code: | | Verification code: | ||
| - | \\ If you see this, it means that 2FA is the only authentication operating. | + | \\ If you see this, it means that 2FA is the only authentication operating. You can now expose port 2222 (or the port you configured) to the Internet. . |
| - | + | ||
| - | \\ | + | |
| - | + | ||
| - | You can now expose port 2222 (or the port you configured) to the Internet. . | + | |
| \\ | \\ | ||
2fa.1730126999.txt.gz · Last modified: 2024/10/28 14:49 by hogwild
Page Tools
