Installation way:
yum -y install google-authenticator
Note: If you do not find, you want to install epel-release source, yum -y install epel-release
Installation way:
yum install -y git make gcc libtool pam-devel qrencode ntpdate
git clone https://github.com/google/google-authenticator-libpam.git
cd google-authenticator-libpam/
./bootstrap.sh
./configure
make
make install
Configuring ssh
vim /etc/ssh/sshd_config
Modify the following configuration items:
ChallengeResponseAuthentication yes
UsePAM yes
Configuring PAM
vim /etc/pam.d/sshd
#%PAM-1.0
auth required pam_google_authenticator.so #添加至第一行
Ssh restart
systemctl restart sshd
Configuring google authenticator
prerequisite: you need to switch to an account set up
google-authenticator
Do you want authentication tokens to be time-based (y/n) #基于时间生成身份验证
#已经安装qrencode会产生一个二维码,二维码连接也可以URL显示
Your new secret key is :*********** # 密钥key
#使用移动端的 authenticator 扫描二维码或者输入密钥key
#得到code from app :
Enter code from app (-1 to skip): #输入得到的code,动态验证
Your emergency scratch codes are: # 生成5 个紧急救助码
Do you want me to update your "/root/.google_authenticator" file? (y/n) #一直确认下去
# 生成了一个 .google_authenticator 文件
your chances to notice or even prevent man-in-the-middle attacks (y/n) #一直确认下去
Do you want to do so? (y/n) #一直确认下去
Do you want to enable rate-limiting? (y/n) #设置完成
#上面的意思大概为:禁止多次使用相同的身份验证,限制每30秒登录一次,移动端每30秒更新一次,移动端和客户端时间误差30秒,30秒内不能超过3次登录。
If you need to delete a user's Google verification, delete the user generated home/.google_authenticator
file to