{"id":186,"date":"2019-11-16T19:31:27","date_gmt":"2019-11-16T19:31:27","guid":{"rendered":"http:\/\/snehpatel.com\/?p=186"},"modified":"2019-11-16T19:31:27","modified_gmt":"2019-11-16T19:31:27","slug":"configuring-two-factor-authentication-on-centos-7","status":"publish","type":"post","link":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/","title":{"rendered":"Configuring two-factor authentication on CentOS 7"},"content":{"rendered":"\n<p>Multi-factor authentication has been one of the incredible things that security people love. An extra layer of protection that authorized person has, have or are. Now let&#8217;s get straight to the point on configuring two-factor authentication on CentOS 7.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Let&#8217;s first install the additional repository called epel <\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo yum install https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now let&#8217;s install google-authenticator<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo yum install google-authenticator<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Once installed type following to start the setup<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>google-authenticator<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Some questions will be asked as follow <\/li><li><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want authentication tokens to be time-based (y\/n) y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Once you say yes. QR code will be displayed. Scan it using your favorite authenticator. And follow questions after this.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want me to update your \"\/home\/username\/.google_authenticator\" file (y\/n) y<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want to disallow multiple uses of the same authentication\ntoken? This restricts you to one login about every 30s, but it increases\nyour chances to notice or even prevent man-in-the-middle attacks (y\/n) y<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>By default, tokens are good for 30 seconds. In order to compensate for\npossible time-skew between the client and the server, we allow an extra\ntoken before and after the current time. If you experience problems with\npoor time synchronization, you can increase the window from its default\nsize of +-1min (window size of 3) to about +-4min (window size of 17 acceptable tokens). \nDo you want to do so? (y\/n) n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>If the computer that you are logging into isn't hardened against brute-force\nlogin attempts, you can enable rate-limiting for the authentication module.\nBy default, this limits attackers to no more than 3 login attempts every 30s.\nDo you want to enable rate-limiting (y\/n) y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now edit pam.d\/sshd file to enable google authentication<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/pam.d\/sshd<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add the following line at bottom of the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>. . .\n# Used with polkit to reauthorize users in remote sessions\n-session   optional     pam_reauthorize.so prepare\nauth required pam_google_authenticator.so nullok<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now edit ssh file to enable two-factor authentication when ssh into the machine<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Find &#8220;ChallengeResponseAuthentication&#8221; in the file and set it to &#8220;yes&#8221;<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>. . .\n# Change to no to disable s\/key passwords\nChallengeResponseAuthentication yes\n#ChallengeResponseAuthentication no\n. . .<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Restart the ssh service<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart sshd.service<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>You are now done with setting up two-factor authentication<\/li><\/ul>\n\n\n\n<p>Source:  <br><a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-7\">https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-set-up-multi-factor-authentication-for-ssh-on-centos-7<\/a> <\/p>\n\n\n\n<p><a href=\"https:\/\/www.techrepublic.com\/article\/how-to-set-up-two-factor-authentication-on-centos-7\/\">https:\/\/www.techrepublic.com\/article\/how-to-set-up-two-factor-authentication-on-centos-7\/<\/a><\/p>\n\n\n\n<p>For help: x786@protonmail.ch<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multi-factor authentication has been one of the incredible things that security people love. An extra layer of protection that authorized person has, have or are. Now let&#8217;s get straight to the point on configuring two-factor authentication on CentOS 7. Let&#8217;s first install the additional repository called epel Now let&#8217;s install google-authenticator Once installed type following &#8230; <a title=\"Configuring two-factor authentication on CentOS 7\" class=\"read-more\" href=\"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/\" aria-label=\"Read more about Configuring two-factor authentication on CentOS 7\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,9],"tags":[22,40],"class_list":["post-186","post","type-post","status-publish","format-standard","hentry","category-linux","category-systme","tag-2-factor","tag-mfa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Configuring two-factor authentication on CentOS 7 - Sneh Patel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring two-factor authentication on CentOS 7 - Sneh Patel\" \/>\n<meta property=\"og:description\" content=\"Multi-factor authentication has been one of the incredible things that security people love. An extra layer of protection that authorized person has, have or are. Now let&#8217;s get straight to the point on configuring two-factor authentication on CentOS 7. Let&#8217;s first install the additional repository called epel Now let&#8217;s install google-authenticator Once installed type following ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/\" \/>\n<meta property=\"og:site_name\" content=\"Sneh Patel\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-16T19:31:27+00:00\" \/>\n<meta name=\"author\" content=\"Sneh Patel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sneh Patel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/\"},\"author\":{\"name\":\"Sneh Patel\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"headline\":\"Configuring two-factor authentication on CentOS 7\",\"datePublished\":\"2019-11-16T19:31:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/\"},\"wordCount\":164,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"keywords\":[\"2-factor\",\"mfa\"],\"articleSection\":[\"Linux\",\"System\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/\",\"url\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/\",\"name\":\"Configuring two-factor authentication on CentOS 7 - Sneh Patel\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#website\"},\"datePublished\":\"2019-11-16T19:31:27+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2019\\\/11\\\/16\\\/configuring-two-factor-authentication-on-centos-7\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#website\",\"url\":\"https:\\\/\\\/snehpatel.com\\\/\",\"name\":\"Sneh Patel\",\"description\":\"Cyber Security Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/snehpatel.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\",\"name\":\"Sneh Patel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"width\":672,\"height\":222,\"caption\":\"Sneh Patel\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/snehpatel.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Configuring two-factor authentication on CentOS 7 - Sneh Patel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/","og_locale":"en_US","og_type":"article","og_title":"Configuring two-factor authentication on CentOS 7 - Sneh Patel","og_description":"Multi-factor authentication has been one of the incredible things that security people love. An extra layer of protection that authorized person has, have or are. Now let&#8217;s get straight to the point on configuring two-factor authentication on CentOS 7. Let&#8217;s first install the additional repository called epel Now let&#8217;s install google-authenticator Once installed type following ... Read more","og_url":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/","og_site_name":"Sneh Patel","article_published_time":"2019-11-16T19:31:27+00:00","author":"Sneh Patel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sneh Patel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/#article","isPartOf":{"@id":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/"},"author":{"name":"Sneh Patel","@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"headline":"Configuring two-factor authentication on CentOS 7","datePublished":"2019-11-16T19:31:27+00:00","mainEntityOfPage":{"@id":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/"},"wordCount":164,"commentCount":0,"publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"keywords":["2-factor","mfa"],"articleSection":["Linux","System"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/","url":"https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/","name":"Configuring two-factor authentication on CentOS 7 - Sneh Patel","isPartOf":{"@id":"https:\/\/snehpatel.com\/#website"},"datePublished":"2019-11-16T19:31:27+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/snehpatel.com\/index.php\/2019\/11\/16\/configuring-two-factor-authentication-on-centos-7\/"]}]},{"@type":"WebSite","@id":"https:\/\/snehpatel.com\/#website","url":"https:\/\/snehpatel.com\/","name":"Sneh Patel","description":"Cyber Security Blog","publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/snehpatel.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73","name":"Sneh Patel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","url":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","contentUrl":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","width":672,"height":222,"caption":"Sneh Patel"},"logo":{"@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1"},"sameAs":["http:\/\/snehpatel.com"]}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/comments?post=186"}],"version-history":[{"count":0,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/186\/revisions"}],"wp:attachment":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/media?parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/categories?post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/tags?post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}