Differences

This shows you the differences between two versions of the page.

--- 2fa [2024/10/28 14:55] – hogwild
+++ 2fa [2024/10/28 15:11] (current) – -Correct instructions for: "/opt/etc/ssh/sshd_config" changes hogwild
@@ Line 3: / Line 3: @@
 This content was taken from a Tomato forum thread: [[https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032|HOWTO - Set up 2FA openssh with google authenticator]] .
-These are simple configuration notes, and not intended to be a complete HOWTO.
+These are simple configuration notes, and not intended to be a complete HOWTO. This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the "root" user is supported.\\   \\   \\ **Prerequisites:** Install/setup entware if it isn't already installed. This is not covered here.\\  \\
-This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the root user is supported.\\
+Install openssh-server and google-authenticator:
- \\
- \\ **Prerequisites:** Install/setup entware if it isn't already installed. This is not covered here.\\
-    Next, install openssh-server and google-authenticator:
  \\
@@ Line 17: / Line 13: @@
  \\
-Hopefully, this will complete with all dependencies. If not, make sure to install any necessary ones.\\
+If this completes without all dependencies, make sure to install any necessary ones.\\
- \\
+ \\  \\
- \\
+Next, enable openssh-server . This is not covered here.
-Next, enable openssh-server . This is not covered here.\\  \\
+ \\ \\ Configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh:
-Configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh: \\
+ \\
     #!/bin/sh
@@ Line 54: / Line 50: @@
  \\
-The new service must be enabled at boot time as well:
+The new service must be enabled at boot time as well. Make the following changes to the file: "/opt/etc/ssh/sshd_config:
  \\
-Next, run /opt/etc/ssh/sshd_config and change the following from the defaults:
     Port 2222 # to be changed if desired
@@ Line 73: / Line 67: @@
 grep -v "#" /opt/etc/pam.d/sshd
+ \\
     auth required pam_env.so
@@ Line 113: / Line 109: @@
 Next, move its config file (.google_authenticator) to the /opt/etc directory:
+ \\
     mv .google_authenticator /opt/etc/
@@ Line 119: / Line 117: @@
 Next, Verify the permissions on the file are "0600" . This is very important.
+ \\
     chmod 0600 /opt/etc/.google_authenticator
@@ Line 125: / Line 125: @@
 Now, you should be able to start the sshd service:
+ \\
     /opt/etc/init.d/S40sshd start
@@ Line 139: / Line 141: @@
 You should see the following:
+ \\
     The authenticity of host '[192.168.1.1]:2222 ([192.168.1.1]:2222)' can't be established.
@@ Line 154: / Line 158: @@
     | Verification code:
- \\ If you see this, it means that 2FA is the only authentication operating.
+ \\ If you see this, it means that 2FA is the only authentication operating. You can now expose port 2222 (or the port you configured) to the Internet. .
- \\
-You can now expose port 2222 (or the port you configured) to the Internet. .
  \\

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools