Problem: Google Authenticator not working along with ssh-key and password
First of all, login to Ubuntu machine where you want google-authenticator to be used along with ssh keys and password.
Step.1 Install google PAM
PAM stands for Pluggable Authentication Modules (PAM) and it provides dynamic authentication support for the applications and services in a Linux system.
# sudo apt-get update # sudo apt-get install libpam-google-authenticator
Step.2 Configure the google-authenticator for the first time and follow the procedure to answer the following questions according to your requirement.
# google-authenticator
1. Do you want authentication tokens to be time-based (y/n) Y (type Y press Enter)
In this question you will be asked to scan the QR code and secret key as shown like this:
Step.3 Enable PAM authentication for google-authenticator using below command.
# sudo nano /etc/pam.d/sshd
→ Above command will open the sshd file and you just need to add a line in the bottom of the file as given below:
auth required pam_google_authenticator.so
Then run below command to open the sshd_config files:
# sudo nano /etc/ssh/sshd_config
→ Add the below mentioned line now at the beginning of the file.
AuthenticationMethods publickey,keyboard-interactive
→ Change the value of ChallengeResponseAuthentication from no to yes
ChallengeResponseAuthentication yes
→ Change the value of PubkeyAuthentication and PasswordAuthentication from no to yes
PubkeyAuthentication yes
PasswordAuthentication yes
Step.4 Now finally restart the ssh service using the following command:
# sudo systemctl restart sshd
Now, you can check you have activated three-layer authentication methods for your Ubuntu server.