It came to me that I needed to increase the security on one of my Ubuntu servers, and I thought of Google Authenticator so that I had two-step verification when signing in with SSH.
What follows is a complete guide to installing and configuring it.
NOTE: It's important to know that this setup won't work if you're using keys to authenticate at this time. It would probably require a patch for OpenSSH as public keys will bypass PAM.
Configure your phone
Install the Google Authenticator application.
Android - Google Play
iPhone - Apple AppStore / iTunes
Getting the package
Jean-Francois Theroux (failshell) built a package for libpam-google-authenticator and it's available in his PPA. First, let's add his PPA to your list of sources:
sudo add-apt-repository ppa:failshell/stable
Now, update your sources list using 'sudo apt-get update'.
Next, install the PAM module using:
sudo apt-get install libpam-google-authenticator
This package provides 2 important files: /lib/security/pam_google_authenticator.so and /usr/bin/google-authenticator.
Configure your account
Now, we need to run
google-authenticator
to configure your account. It will print out a QR code. Use your Google Authenticator application to scan it. Validate the verification code.
Next, we need to instruct PAM to use that new module. In this example, we'll configure it only for SSH. Edit /etc/pam.d/sshd with your favorite editor and add the following line at the beginning of the file:
auth required pam_google_authenticator.so
Make sure in /etc/ssh/sshd_config the following line is the same:
And just restart SSH.
sudo service ssh restart
NOTE: It's best at this time that you leave your current session open, in case something went wrong with your configuration. That will allow you to roll back.
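A post-setup audit of the steps above, as an added example that is not part of the original post: it checks that the module line is the first active line of the PAM file, that the account has a secret file, and that no authorized_keys file lets key logins bypass PAM. The names check_2fa and make_sample and the sample layout are assumptions of this example; ~/.google_authenticator is the default secret file written by google-authenticator.

```shell
#!/bin/sh
# Added example: audit the two-step SSH setup described above.
# check_2fa PAM_FILE HOME_DIR -> prints findings, returns 0 only if all pass.
check_2fa() {
    pam_file=$1
    home_dir=$2
    rc=0

    # The module line must be the first active (non-comment) line.
    first=$(awk '{ sub(/#.*/, "") } NF { print $1, $2, $3; exit }' \
        "$pam_file" 2>/dev/null) || first=""
    if [ "$first" = "auth required pam_google_authenticator.so" ]; then
        echo "OK: module is the first active line of $pam_file"
    else
        echo "FAIL: first active line of $pam_file is '$first'"
        rc=1
    fi

    # google-authenticator writes the account secret to ~/.google_authenticator.
    if [ -f "$home_dir/.google_authenticator" ]; then
        echo "OK: secret file present"
    else
        echo "FAIL: $home_dir/.google_authenticator missing"
        rc=1
    fi

    # Public keys bypass PAM, so a key login never reaches the code prompt.
    if [ -s "$home_dir/.ssh/authorized_keys" ]; then
        echo "FAIL: $home_dir/.ssh/authorized_keys is not empty"
        rc=1
    else
        echo "OK: no authorized keys for this account"
    fi
    return "$rc"
}

# Constructed sample (not a real host): PAM file and home directory laid out
# the way the steps above leave them. make_sample is a hypothetical helper.
make_sample() {
    mkdir -p "$1/home/.ssh"
    printf '%s\n' '# PAM configuration for sshd' \
        'auth required pam_google_authenticator.so' \
        '@include common-auth' > "$1/sshd"
    : > "$1/home/.google_authenticator"
}
```

On a real server, call check_2fa /etc/pam.d/sshd "$HOME" from the session you kept open, before logging out.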