For security, Google’s dynamic verification code verification is required when logging in. After you enter the server login password, enter the dynamic verification code. This verification code is calculated by the google app authenticator based on the current time. The time on all centos must be synchronized with the current time.
Install google's authenticator on centos, the result will show a QR code, offer you to scan, scan with the authenticator on your mobile phone.
installation steps
1. vim /etc/selinux/config
Open this file and change SELINUX=enforcing to SELINUX=disabled.
2. Install Toolkit
yum install wget gcc make pam-devel libpng-devel
The installation process will prompt y/n, keep y forever.
3. Install Google Authenticator
yum -y install google-authenticator qrencode mercurial
5. for
4. Configure the ssh service to call the google authenticator PAM plugin
vim /etc/pam.d/sshd
In the first line (that is, the next line of auth, required pam_sepermit.so) add the following code
auth required pam_google_authenticator.so
Continue to modify the configuration file
vim /etc/ssh/sshd_config
5. Restart the service
使用google authenticator PAM插件为ssh登录账号生成动态验证码
注意:哪个账号需要动态验证码,请切换到该账号下操作。
(可以在不同用户下执行这个命令以生成各自的二次验证码)
service sshd restart
Keep y, keep yes.
Finally, a QR code and an emergency verification code will be generated. Save the screenshot. The emergency verification code is used as a temporary QR code when the phone is dropped.
The dynamic QR code needs to be scanned with the google authenticator on the mobile phone as it is used for login.