Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [google-authenticator]

Google Authenticator is a TOTP (Time based One Time Password) PAM (Pluggable Authentication Module) which is supported and serviced by Google.

62 questions
1
vote
1 answer

SSH Authentication using RADIUS + Google Authenticator

I'm trying configure my SSHD's to authenticate users using FreeRadius. The FreeRadius server needs to first require a valid OTP using Google Authenticator, and then verify the system account password. I can get things working if I set the Radius…
noderunner
  • 171
  • 2
  • 8
1
vote
1 answer

Google Authenticator - generate new set of emergency codes

I use Google Authenticator on my SSH servers with Andoid app for generating codes. After I run $ google-authenticator application create set of emergyncy…
martin
  • 218
  • 1
  • 3
  • 11
1
vote
0 answers

FreeRadius-GoogleAuthenticator-Kerberos Password Change Weirdness

We are using FreeRadius, Kerberos and Google Authenticator to implement two-factor authentication. The two factor auth works fine, both from radtest and from a Watchguard firewall. To log in, a user enters their Kerberos password and concatenates…
DASHbay
  • 11
  • 1
1
vote
1 answer

possible? radius server with active directory users and google authentication

We currently have an old RSA token - Radius environment we want to replace Would this architecture be possible? (this works, there are examples on the internet) Linux server Google Authentication Fee radius server Now the new part: User list would…
hoberion
  • 231
  • 2
  • 15
1
vote
3 answers

Using Google Authenticator with an IMAP server

Google released it's Google Authenticator Module with a PAM interface. Have someone experience on implementing this into an imap server?
cedivad
  • 680
  • 3
  • 13
  • 25
1
vote
1 answer

Enforcing 2FA configuration on next SSH login for every user

I have found numerous tutorials on how to enable 2FA (TOTP, RFC 6238) but is there also a way to force SSH users to configure it on the first login? (I am using OpenSSH server) I guess I could create a script that runs everytime and checks whether a…
phk
  • 65
  • 9
1
vote
1 answer

SSH authentication: (public key xor password) + google authenticator code

I'm using Debian bullseye. I'm trying to set up SSH two types logins: password + code from Google's Authenticator (if user set it, "nullok" option), public key + code from Google's Authenticator (if user set it, "nullok" option). Type #1 works for…
Karol
  • 11
  • 3
1
vote
1 answer

MS RRAS + MS VPN Client + Google Authenticator + SecureMFA

I'm running on-premise Windows Server 2019 domain, and Microsoft RRAS to allow remote users access to the local network. Remote users are using the built-in Microsoft VPN SSTP for Windows 10 clients and L2TP for Mac clients. My objective is to…
SpecProd
  • 11
  • 2
0
votes
1 answer

Linux PAM: SSH key + 2FA (google authenticator) + password - Specify auth requirements per user

I have installed and configured PAM on my Ubuntu server which is working correctly. To log in I want to require an SSH Key to be installed, a password to be provided and a valid code from an authenticator app. The issue that I have is that I would…
Ben Turner
  • 101
  • 4
0
votes
0 answers

SSH disabling google-authenticator from specific IP

I have setup google-authenticator as 2FA together with publickey authentication. What I need is to skip the 2FA when connecting by SSH from specific IP. I'm running Ubuntu 18.04. Relevant snippet from of /etc/pam.d/sshd # PAM configuration for the…
J91321
  • 156
  • 6
0
votes
0 answers

Is using HOTP only authorization considered weak?

I have seen many experts advising usage of some kind of OTP as second step of 2FA schemes. I fully understand 2FA is more secure than Single Authorization, but it is also more inconvenient for casual user. We currently have schemes with "strong…
ZioByte
  • 246
  • 3
  • 15
0
votes
0 answers

Is the configuration I want possible? Problems with SSH to Redhat server using google authentication 2fa

I'm attempting to configure two factor authentication when using SSH to connect to my redhat ec2 instance. I would like to configure it like this: If user has both ssh key and google auth set up, use these two factors If user has no ssh key, use…
Jquinn
  • 1
0
votes
0 answers

Multi-Factor Authentication varieties and is there a universal bridge for them

I am trying to research a project on how to connect to multiple enterprise environments that employ multi-factor authentication using a singular approach. My question is, are there any systems out there that can provide a single MFA interface that…
spinon
  • 101
  • 2
0
votes
1 answer

RHEL 7 google-authenticator publickey only with optional MFA

I am trying to setup MFA on RHEL 7 and running into a chicken and egg problem. If I enable MFA in pam you can't login to setup your .google-authenticator file. I understand that the nullok option in pam should allow this to work and pass through…
MFG
  • 1
  • 1
0
votes
0 answers

Google Authenticator on Nginx

I built Nginx with ngx_http_auth_pam_module and edited Nginx configurations and /etc/pam.d/nginx like this Part of virtual host setting location / { root /projects/admin; index index.html index.htm; auth_pam "Google Authenticator Code…
CodingBear
  • 3
  • 5
1 2
3
4 5