KimsFactory*

Applying Google OTP on Ubuntu 16.04


KimsFactroy 2017. 8. 23. 16:04



#sudo apt-get update


#sudo apt-get install libpam-google-authenticator


#sudo vi /etc/pam.d/sshd

Add the following line at the bottom of the file:

auth required pam_google_authenticator.so


#sudo vi /etc/ssh/sshd_config

Change the following value:

ChallengeResponseAuthentication no (default)

ChallengeResponseAuthentication yes (after the change)


#sudo systemctl restart ssh


Log in as the account that will use OTP authentication, then run:

#google-authenticator


Answer the prompts as follows:


Do you want authentication tokens to be time-based (y/n) y




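Install Google OTP (Google Authenticator) on your smartphone.
Download Google OTP from the Play Store, then register the account by scanning the QR code or by entering the key manually.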




Do you want me to update your "/home/testuser1/.google_authenticator" file (y/n) y

Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y

By default, tokens are good for 30 seconds and in order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of 1:30min to about 4min. Do you want to do so (y/n) n

If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting (y/n) y


Once the prompts are finished, open a terminal and try logging in.
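
A check for the two configuration edits above, as an added example that is not from the original post: it confirms that the PAM line is active and that the first ChallengeResponseAuthentication value sshd reads is yes. The function name check_otp_config and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check_otp_config is a hypothetical helper, not part of any package.
# Usage: check_otp_config PAM_FILE SSHD_CONFIG  (returns 0 only if both checks pass)
check_otp_config() {
    pam_file=$1
    sshd_file=$2
    rc=0

    # Look for an active (uncommented) auth line loading the module with the
    # "required" control flag; module options after the name are allowed.
    if grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so([[:space:]]|$)' "$pam_file"; then
        echo "OK   pam: pam_google_authenticator.so is required"
    else
        echo "FAIL pam: no active 'auth required pam_google_authenticator.so' line"
        rc=1
    fi

    # sshd keeps the first value it reads for a keyword and keywords are
    # case-insensitive, so only the first uncommented occurrence counts.
    value=$(awk 'tolower($1) == "challengeresponseauthentication" { print tolower($2); exit }' "$sshd_file")
    if [ "$value" = "yes" ]; then
        echo "OK   sshd: ChallengeResponseAuthentication yes"
    else
        echo "FAIL sshd: ChallengeResponseAuthentication is '${value:-not set}'"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files standing in for /etc/pam.d/sshd and /etc/ssh/sshd_config.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '@include common-auth' 'auth required pam_google_authenticator.so' > "$demo_dir/pam_ok"
printf '%s\n' '#auth required pam_google_authenticator.so' > "$demo_dir/pam_commented"
printf '%s\n' 'ChallengeResponseAuthentication yes' > "$demo_dir/sshd_ok"
# An earlier "no" shadows a later "yes".
printf '%s\n' 'ChallengeResponseAuthentication no' 'challengeresponseauthentication yes' > "$demo_dir/sshd_shadowed"

check_otp_config "$demo_dir/pam_ok" "$demo_dir/sshd_ok"
check_otp_config "$demo_dir/pam_commented" "$demo_dir/sshd_shadowed" || true
```

On a real host, call it as check_otp_config /etc/pam.d/sshd /etc/ssh/sshd_config.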


Installation reference URL:

https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04





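[XShell settings reference]


Properties > Connection > User Authentication
Method: select Keyboard Interactive

If the message "outgoing encryption 알고리즘을 찾을 수 없습니다." (the outgoing encryption algorithm could not be found) appears:

Properties > Connection > SSH > Security Settings
Encryption: select aes256-ctr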


