Two-factor authentication part 2 - 2FA with SSH
On any linux based server, it is possible to protect SSH with two-factor authentication using the Google Authenticator PAM module. This is actually easy to install and configure. Login to your SSH server and install the module. On Debian (or for instance Raspbian): sudo apt-get install libpam-google-authenticator On Fedora: dnf install google-authenticator Create the verification key for the user. I prefer to not allow root access to a server, so this step should be run as the user that should be able to login: google-authenticator You can answer y to most questions. Finally, you will get a QR code that can be scanned by your phone TOTP app (any standard TOTP application will do). Make sure to store the emergency codes in a safe place, such as a Keepass database or on a paper. Now you need to make a few changes, so that PAM (which is responsible for authentication on most linux systems) asks for the verification code in addition to your password when logging in thr...