Linux | Multi Factor Authentication (MFA) without password

|
| By Webner

When implementing Multi Factor Authentication (MFA) for linux server with ssh-key and google-authenticator only with no password it was prompting us to enter password for user but we wanted authentication without password.

Steps to solve this:

1.  Install google authenticator (centos 64-bit) in a new terminal window:

yum install google-authenticator.x86_64

2.  Now vi /etc/pam.d/sshd (add following line at the top):

auth required pam_google_authenticator.so

3.  Then vi /etc/ssh/sshd_config:

# Change settings as mentioned below and in same order.
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication no

4.  Then vi /etc/pam.d/sshd:

#auth substack password-auth (comment out)

Save and exit

5.   Then service sshd restart.

Leave a Reply

Your email address will not be published. Required fields are marked *