Integrating Google Authenticator with SSH logins

Best Laid Plans

© Photo by Pedro Miranda on Unsplash

© Photo by Pedro Miranda on Unsplash

Article from Issue 269/2023

The Google Authenticator PAM module allows you to use time-based Google Authenticator passwords with various Linux services, including SSH.

In recent years, multifactor authentication (MFA) has been a hot topic in information security, with many organizations and software services now making it a requirement. To achieve MFA, two or more authentication factors must be provided by a user to pass authentication. These factors include something you have, something you know, something you are, somewhere you are, or something you do.

Many organizations have turned to the Google Authenticator tool to implement MFA using a time-based one-time password (TOTP). Using TOTP with Google Authenticator satisfies the "something you have" authentication factor because TOTP requires a device in the user's possession (e.g., the user's Android smartphone or iPhone.) Adding a regular user password to satisfy the "something you know" authentication factor provides the second factor to achieve MFA. Many software as a service (SaaS) providers, such as GitHub, AWS, and Microsoft Azure, support Google Authenticator as an option for MFA.

At a high level, TOTP works by having a secret key that is generated on a service and shared with a device. The TOTP algorithm with two inputs, the secret key plus the system's Unix time, results in a one-time password known by both the device and the service. A new password is typically generated every 30 or 60 seconds.


Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Two-Factor Authentication

    Add an extra layer of protection with one-time passwords.

  • 2FA

    Protect your system from unwanted visitors with two-factor authentication.

  • Linux with Active Directory

    Microsoft's Active Directory system provides centralized user management and single sign-on. If you're ready for a few manual steps, Linux can leverage this potential.

  • Securing Your SSH Server

    An SSH server facing the Internet will almost certainly be under attack, but a few proactive steps will help to keep the intruders away.

  • One-Time Passwords

    A one-time password won't compromise security if it falls in the wrong hands. OPIE and OTPW bring the safety of one-time password security to Linux.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters