Changes between Version 2 and Version 3 of NspwUprouse/Agenda/ssh

Timestamp:

Sep 5, 2021, 7:31:19 PM (3 years ago)

Author:

admin

Comment:

--

NspwUprouse/Agenda/ssh

@@ -144 +144 @@
  - Scan the QRcode that appears with the Google Authenticator app or you can add the secret key Google Authenticator app.
  - Save the backup codes listed somewhere safe. They will allow you to regain access if you lose your phone with the Authenticator app.
- - Next, it will ask several questions; unless you have a good reason to, the defaults presented are sane. Just enter "y" for them.
+ - Next, it will ask several questions; . Just enter "y" for them.
 {{{
 Do you want me to update your "/home/myuser/.google_authenticator" file (y/n)
+
 Do you want to disallow multiple uses of the same authentication
 token? This restricts you to one login about every 30s, but it increases
 your chances to notice or even prevent man-in-the-middle attacks (y/n)
+
 By default, tokens are good for 30 seconds and in order to compensate for
 possible time-skew between the client and the server, we allow an extra
@@ -155 +157 @@
 time synchronization, you can increase the window from its default
 size of 1:30min to about 4min. Do you want to do so (y/n)
+
 If the computer that you are logging into isn't hardened against brute-force
 login attempts, you can enable rate-limiting for the authentication module.
@@ -166 +169 @@
 sudo vi /etc/pam.d/sshd
 }}}
- - Add the following line:
+ - Add the following line to the bottom:
 {{{
-auth required pam_google_authenticator.so
+auth required pam_google_authenticator.so nullok
+auth required pam_permit.so
 }}}
  - ''':wq''' Save and quit.
@@ -175 +179 @@
 sudo vi /etc/ssh/sshd_config
 }}}
- - Search for '''ChallengeResponseAuthentication''' and replace no with yes
+ - Search for '''!ChallengeResponseAuthentication''' and replace no with yes
 {{{
 ChallengeResponseAuthentication yes