{"id":26415263,"url":"https://github.com/mayanksharma001/2fauth-ssh","last_synced_at":"2025-06-20T18:14:36.931Z","repository":{"id":281398304,"uuid":"945150291","full_name":"MayankSharma001/2FAuth-SSH","owner":"MayankSharma001","description":"This repository contains a project I made to strengthen the security of ssh authentication with OTP created with Google Authenticator","archived":false,"fork":false,"pushed_at":"2025-03-08T19:54:04.000Z","size":199,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-18T00:17:59.250Z","etag":null,"topics":["authentication","bash","linux","multifactor-authentication","security-tools","shell"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MayankSharma001.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-08T19:16:50.000Z","updated_at":"2025-03-12T03:48:58.000Z","dependencies_parsed_at":"2025-03-08T20:39:28.978Z","dependency_job_id":null,"html_url":"https://github.com/MayankSharma001/2FAuth-SSH","commit_stats":null,"previous_names":["mayanksharma001/2fauth-ssh"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MayankSharma001/2FAuth-SSH","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayankSharma001%2F2FAuth-SSH","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayankSharma001%2F2FAuth-SSH/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayankSharma001%2F2FAuth-SSH/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayankSharma001%2F2FAuth-SSH/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MayankSharma001","download_url":"https://codeload.github.com/MayankSharma001/2FAuth-SSH/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MayankSharma001%2F2FAuth-SSH/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260994045,"owners_count":23094283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","bash","linux","multifactor-authentication","security-tools","shell"],"created_at":"2025-03-18T00:18:05.447Z","updated_at":"2025-06-20T18:14:31.917Z","avatar_url":"https://github.com/MayankSharma001.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# 2FAuth-SSH\n\nThis project demonstrates how to secure SSH authentication using Google Authenticator for multi-factor authentication (MFA).\n\n## Prerequisites\n1. A Linux server\n2. Root or sudo access\n3. An SSH client\n4. Google Authenticator app installed on your mobile device\n\n## Step 1: Install OpenSSH Server\n  - If SSH is not installed, install it using\n    ```bash\n      sudo apt update \u0026\u0026 sudo apt install openssh-server -y  \n  - Enable and start SSH service and check if SSH is running:\n   ```bash\n       sudo systemctl enable ssh \u0026\u0026 sudo systemctl start ssh \u0026\u0026 sudo systemctl status sshd\n```\n\n## Step 2: Install Google Authenticator\n    sudo apt install libpam-google-authenticator -y\n- Run the Google Authenticator setup for your user:\n  ```\n    google-authenticator // Follow the prompts and save the QR code / secret key shown. Now a qr code will be generated. Scan that code with the google authenticator app and add it into your app\n  ```\n\n## Step 3: Configure SSH to Use Google Authenticator\n- Edit the SSH configuration file:\n  ```\n  sudo nano /etc/ssh/sshd_config\n- Ensure the following lines exist and are set correctly:\n ```\n  - ChallengeResponseAuthentication yes // Controls whether SSH allows challenge-response authentication methods like Google Authenticator (TOTP-based 2FA).\n  - UsePAM yes // Determines whether SSH uses PAM (Pluggable Authentication Modules) for authentication. Google Authenticator works via PAM, so if UsePAM no is set, it won't work even if \n    ChallengeResponseAuthentication yes is enabled.\n  - #KbdInteractiveAuthentication no // this line should either be set to \"no\" or make this line into a comment\n  ```\n\n## Step 4: Enable Google Authenticator in PAM\n  - Edit the PAM SSH file:\n      ```\n       sudo nano /etc/pam.d/sshd\n      ```\n  - Add this line at the end then save and exit:\n    ```\n     auth required pam_google_authenticator.so\n    ```\n  - Restart SSH to apply changes:\n    ```\n      sudo systemctl restart sshd\n    ```\n\n## Step 5: Firewall Configuration\n  ```\n  sudo ufw allow 22/tcp\n  sudo ufw reload\n```\n\n## Step 6: Testing SSH Login\n  - Now, try logging in to your server using SSH:\n    ```\n     ssh username@ip  // for username enter \"whoami\" and for ip enter \"hostname -I\"\n    ```\n  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmayanksharma001%2F2fauth-ssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmayanksharma001%2F2fauth-ssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmayanksharma001%2F2fauth-ssh/lists"}