Linux | Multi Factor Authentication (MFA) without password

Author - Navneet Kashyap

When implementing Multi Factor Authentication (MFA) for linux server with ssh-key and google-authenticator only with no password it was prompting us to enter password for user but we wanted authentication without password.

Steps to solve this:

1.  Install google authenticator (centos 64-bit) in a new terminal window:

yum install google-authenticator.x86_64

2.  Now vi /etc/pam.d/sshd (add following line at the top):

auth required pam_google_authenticator.so

3.  Then vi /etc/ssh/sshd_config:

# Change settings as mentioned below and in same order.
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication no

4.  Then vi /etc/pam.d/sshd:

#auth substack password-auth (comment out)

Save and exit

5.   Then service sshd restart.

Webner Solutions is a Software Development company focused on developing Insurance Agency Management Systems, Learning Management Systems and Salesforce apps. Contact us at dev@webners.com for your Insurance, eLearning and Salesforce applications.

Leave a Reply

Your email address will not be published. Required fields are marked *