Google Authenticator is a TOTP (Time based One Time Password) PAM (Pluggable Authentication Module) which is supported and serviced by Google.
Questions tagged [google-authenticator]
62 questions
2
votes
1 answer
Google Authenticator PAM on SSH blocks root login without 2FA
Situation:
I have activated Google Authenticator 2FA for SSH logins on Ubuntu 16.04 but made it optional in the /etc/pam.d/sshd:
auth required pam_google_authenticator.so nullok
I have setup the 2FA for accounts which can login from the Internet…
![](../../users/profiles/431970.webp)
Arno
- 23
- 3
2
votes
1 answer
Google Authenticator FreeRADIUS
I'm trying to implement google authenticator PAM module in FreeRADIUS on RHEL7.
I've loosely followed this guide: http://www.supertechguy.com/help/security/freeradius-google-auth
The reason I say loosely is things appear to have changed with the…
![](../../users/profiles/419490.webp)
Justin Whelan
- 21
- 1
- 3
2
votes
2 answers
How to configure pam sshd to allow different rules on different users/groups?
I'm configuring google two-factor authentication on an outbound server in the company I work for.
Here are the relevant configurations:
/etc/ssh/sshd_config:
ubuntu@stage-itai-1:~$ egrep -v '^#' /etc/ssh/sshd_config | sed '/^\s*$/d'
Port…
![](../../users/profiles/109833.webp)
Itai Ganot
- 10,424
- 27
- 88
- 143
2
votes
0 answers
PAM Google Authenticator With SFTP And Other Apps
I'm attempting to set up a situation where SSH Authorized Key + Google Authenticator Code is sufficient to ssh into the server.
This is working fine for normal SSH terminal operations - I'm prompted for a verification code, which I can enter, and be…
![](../../users/profiles/313777.webp)
Ben
- 21
- 2
2
votes
1 answer
Git github not working with google authenticator OSX
So I had git running on my computer just fine. My password was saved with the osxkeychain thingy and everything ran smoothly. Today I decided I should be safe and enable google authenticator 2-step authentication on all the sites that support it.…
![](../../users/profiles/206448.webp)
Max Rahm
- 123
- 3
1
vote
0 answers
How to disable global 2FA policy with CLI
I would like to ask if it's possible to disable the global 2FA policy (everyone need to activate 2FA before accessing gitlab) but I can't disable on the web interface because I can't activate it, it gives me everytime PIN code invalid. I tried to…
![](../../users/profiles/503291.webp)
executable
- 197
- 3
- 15
1
vote
1 answer
google-authenticator codes not working while emergency scratch codes do it right
Installing google-authenticator on a Debian behind another Debian firewall in a very restricted configuration on connectivity
(NetinVM, a virtual machine constellation inside a VM)
Installation goes OK
Synchronisation with phone app OK
SSH…
![](../../users/profiles/520177.webp)
pGrnd2
- 15
- 4
1
vote
1 answer
Access of users using google-authenicator without token
I'm using google authenticator pam module on CentOS to create a 2FA authentication for my users, however, I want that only the users that have already registered with the authenticator are asked to input its code, while users that hasn't registered…
1
vote
1 answer
OpenVPN MFA without unix users
Have you guys have an idea is it possible to configure OpenVPN with pam_google_authenticator.so with no need to authenticate using username/password but only cert + TOTP? I don't want to create a new unix user for every new VPN client.
I cannot find…
![](../../users/profiles/352658.webp)
YasiuMaster
- 21
- 3
1
vote
0 answers
Google authenticator on Windows
I need to setup Google Authenticator on MS Windows server to implement 2-factor authentication for a web application.
Which server software is the best to use for this purpose?
![](../../users/profiles/299289.webp)
Gwidion
- 331
- 2
- 7
1
vote
1 answer
Tacacs+ with PAM two-factor Google authentication?
I'm working on a tacacs+ server for my campus network, and I have been wondering how I could set up a tacacs+ server to communicate to PAM running google's two-factor authentication. I've done quite a bit of googling, found some useful information,…
![](../../users/profiles/378360.webp)
Disco King
- 13
- 5
1
vote
1 answer
Logout user if they break a bashrc command
I'm running a small script when a user accesses my Linux host via SSH. This script should verify and/or set up Google Authenticator MFA access for the user.
Right now it works as intended with one caveat - at any moment during the MFA configuration…
![](../../users/profiles/316371.webp)
Joum
- 151
- 1
- 8
1
vote
2 answers
How to automate google-authenticator MFA configuration for SSH access
At my company we currently have a SSH jump server of sorts, through which our workers access our clients' server endpoints. We have setup a couple of Ansible playbooks that essentially create/remove/update users access to that Jump server, by…
![](../../users/profiles/316371.webp)
Joum
- 151
- 1
- 8
1
vote
1 answer
What is the right way to back up google authenticator emergency keys?
I'm implementing Google 2-Factor Authentication on some servers in my company.
When configuring Google 2FA on client computers, 5 emergency codes are generated to be used if a user forgets his master password or loses access to his soft token…
![](../../users/profiles/109833.webp)
Itai Ganot
- 10,424
- 27
- 88
- 143
1
vote
0 answers
MS Active Directory with Google Authenticator
I am currently designing our new internal IT services, including IAM and e-mail. We currently use more or less no IAM or single sign-on solution. We have a WordPress based website, postfix + dovecot based mail server with separate MySQL user…
![](../../users/profiles/150488.webp)
Mark
- 63
- 8