If you really want to secure your Linux server, then the two-factor authentication must be considered as a must-use. If you want to lock your Linux servers and desktops, then you owe yourself a two-factor authentication. This is because by adding the authentication, it becomes more intricate for the malicious users to gain access to your machines. With Linux, it’s very possible to set up the machine so that you can’t log into the desktop or console or by any way of the secure shell without the two-factor authentication code that’s associated with the machine.
Before you begin
Before you begin with the process, there’s one thing you must know about adding the two-factor authentication. It is that once you’ve set it up without any third party generated codes, you won’t be able to gain access to your machine. Every time you want to log in, you will have to do it with the smartphone o the emergency codes. These can be generated easily with the installation of the necessary tools.
What you’ll need
The first thing you’ll need is a Linux desktop or a server. Make sure that it’s fully updated and the data is backed up. Along with this, you’ll require a third-party application to generate the two-factor codes. You can use Authy for the task or the Google Authenticator app.
- The first step is to log into the Linux server and follow the steps given below-
- Open up the terminal window
- Now, Issue the command for -google-authentication
- Type the sudo password and hit enter
- If it’s prompted, type y and hit enter
- Allow the installation to complete
- Configure the machine with two-factor authentication
This authentication has been around for a very long time. It needs two methods of authentication which can be used to verify the user’s identity. This basically consists of the regular username and password with a verification code that’s sent to you via the mobile device or the text message.
Considerations and Prerequisites
Setting it up means that all the users of the system will need the verification code from Google authentication user when –
- Logging in to the system
- Running sudo commands
The added up layer of security is also very vital. It’s especially needed on the machines that house sensitive data.
Here’s how you can do it
- Install Google Authenticator – For mobile devices, install the Google Authenticator from the Google Playstore. Accept all the requirements and wait for the installation to finish. Fire up the terminal session on the server or desktop.
- Configuration – You’ll have to edit the file to add up the two-step authentication factor to the precious Linux box.
- Set up the individual users – In this step, you need to finally link the Google Authentication. This is the step that requires to be run for all the users that log in your system. Take care of the QR codes, a verification code, five emergency scratch codes, a new secret key, and others. The QR code along with the secret key serves the same function. The verification code is a one-time code that can be used immediately when required. Then there are scratch codes that are used as the one-time codes which can be used in the event that don’t have the mobile device handy. The users can easily print these out and get them stored under the thermonuclear lock or key or just ignore them easily. This will ultimately depend on how prone you’re to forgetting or losing the mobile devices.
- Set up the mobile application – Before you continue to any of the other users, you need to complete the one that you’re currently logged in with. If this is your first time launching the Google Authenticator on the mobile device, then click on Begin. You can do it from the main window click plus icon in the bottom corner. If the resolution on the terminal window is not good enough for you to see the QR code, then select Scan a barcode or enter the provided key. If you opt for the key option, you will have to enter the account name to help yourself remember which account it definitely relates to. This will add up a layer of protection to your mobile device.
- Final steps and testing – Open the Google Authenticator on our mobile and type the six-digit authentication code on the terminal window. Enter up the sudo password and hit enter. You will be logged in. You can simply follow the steps that are exactly the same as are for the first users. After you’ve answered all the questions, then you can add up another account as you wish. Once all the users have been set up, you’ll feel secure with all your data.
That’s it! Your Linux machine is more secure than it was previously.
Make your Linux server secure with a few easy steps.
Till then, stay tuned!