Would you like to learn how to configure Google Authenticator on Ubuntu Linux? In this tutorial, we are going to show you how to install and configure two factor authentication using Google Authenticator on Ubuntu Linux version 17.

Hardware List:

The following section presents the list of equipment used to create this Ubuntu Linux tutorial.

Every piece of hardware listed above can be found at Amazon website.

Ubuntu Playlist:

On this page, we offer quick access to a list of videos related to Ubuntu Linux.

Don't forget to subscribe to our youtube channel named FKIT.

Ubuntu Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Ubuntu linux.

Tutorial - NTP on Ubuntu Linux

On the Linux console, use the following commands to set the correct timezone.

# dpkg-reconfigure tzdata

Install the Ntpdate package and set the correct date and time immediately.

# apt-get install ntpdate
# ntpdate pool.ntp.br

In our example, the Ntpdate command was used to set the correct date and time using the Brazilian server pool.ntp.br

Let's install the NTP service.

# apt-get install ntp

NTP is the service that will keep our server updated.

Use the command date to check the date and time configured on your Ubuntu Linux.

If the system shown the correct date and time, this means that you followed all the steps correctly.

Tutorial - Google Authenticator on Linux

After finishing the correct date and time configuration, you can start the Google authenticator installation.

On the Linux console, use the following commands to install the required packages.

# apt-get install libpam-google-authenticator

Now, let's create a user that will be protected by the two-factor authentication.

# adduser gohan

As superuser root, use the SU command to become the user that you want to protect and run the configuration command.

# su gohan
# google-authenticator

The system will display the configuration barcode and configuration key on the screen.

Install the Google Authenticator application on your phone, and scan the Barcode.

google-authenticator

As a backup, you should also save a copy of the Google Authenticator key.

Your new secret key is: 3LG25MS6YCAKDY6FJC2NXWVPWM
Your verification code is 214264
Your emergency scratch codes are:
83212540
99008283
42313574
57863354
69773285

You will be asked a couple of questions related to the configuration of Google Authenticator.

Answer yes, to all the questions.

Edit the ssh configuration file and enable the ChallengeResponseAuthentication option.

# vi /etc/ssh/sshd_config

ChallengeResponseAuthentication yes

Let's enable strong authentication to remote users using SSH.

Edit the PAM authentication file to SSH authentication and add the following content, as the first line.

# vi /etc/pam.d/sshd

auth required pam_google_authenticator.so nullok

Restart the SSH service.

# service ssh restart

The strong authentication is enabled for SSH access.

If you try to authenticate, you will now see the following prompt.

login as: gohan
Using keyboard-interactive authentication.
Verification code:
Using keyboard-interactive authentication.
Password:

On the verification code, you need to enter the google authenticator code.