Verification codes displayed by app You should notice it’ll display new codes each 30 seconds. Configure SSH Two files need to be edited in order to enable two-factor authentication in SSH. Vim /etc/pam.d/sshd Add this line: auth required pam_google_authenticator.so nullok Where to put this in the file? That depends. When you put it at the top, SSH will first ask a verification code, then a password. To me this sounds unlogical, so I placed it just below this line: @include common-auth The ‘nullok’ option, by the way, tells PAM whenever no config for 2-factor authentication is found, it should just ignore it.

Two-factor authentication (2FA) basically means you use some other information in addition to your password. Summary for Google Account (Gmail) with YubiKey (on Mac). One of the most well-known apps for two-factor authentication is the Google Authenticator app by Google itself. In order to use the Google Authenticator to secure an account, you need to have a compatible mobile device like Android, iOS, etc.

If you want SSH logins to fail, when no two-factor authentication is configured, you can delete the option. Be warned to at least config it for one user, or you will be locked out of your server. Now tel SSH to ask for the verification code: vim /etc/ssh/sshd_config Edit the setting, it’s probably set to ‘no’: ChallengeResponseAuthentication yes Now all you need to do is restart SSH. Keep a spare SSH session logged-in, just in case. /etc/init.d/ssh restart. I’ve successfully followed the steps yet I am having the following error in /var/log/secure: auth sshd(pam_google_authenticator)[2630] Failed to update secret file “/home/test2/.google_authenticator” auth sshd[2626]: error: PAM: Cannot make/remove an entry for the specified session for test2 from ip the content of my pam.d/sshd file is: #%PAM-1.0 auth required pam_google_authenticator.so auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so The file /home/test2/.google_authenticator exists with -r——–. Thanks in advance Ps using minmal centos 2.6.32-358.11.1.el6.x86_64 fully patched up.

Sorry I had tried that as well but still same issue: Jun 13 10:13:03 auth sshd(pam_google_authenticator)[2818]: Failed to update secret file “/home/test2/.google_authenticator” Jun 13 10:13:08 auth sshd[2816]: error: PAM: Cannot make/remove an entry for the specified session for test2 from 192.168.117.59 and -rw——. 1 test2 test2 126 Jun 13 04:55 /home/test2/.google_authenticator also when I try from a 3rd putty window: login as: test2 Using keyboard-interactive authentication. Verification code: Using keyboard-interactive authentication. Password: is this expected to have the “Using keyboard-interactive authentication.” shown twice?

Apple has been 'badging' my High Sierra computer and iPhone for 2 factor authentication. I suspect they are going to push this strongly now. Before I go for it, I just need a sanity check: computer: High Sierra Laptop: Yosemite (2009 Macbook pro can't be current) Server: Snow Leopard iPhone: IOS 11 (current) Apple TV 4th Gen. Would it be correct to state that when adding a new device, only the Computer and iPhone will get the 'challenge' code that can be entered onto the new device to validate? (or would the AppleTV also get it)? When enabling 2FA, is only the device being used to do this automatically 'validated', or do I get to authorize all my devices initially without the 2FA challenges for each? In the case where I need to authorize devices one by one, how does one go about triggering the authorization?

Best adobe pdf editor for mac. On Yosemite, I assume I go to the Settings -> iCloud and log back in and this triggers it? (at which point I append the code that appears on other computer to my password). What about Snow Leopard which does not have 'ICloud'? Would accessing the iTunes store trigger the process?

How does this work for web access to my AppleID (such as find my phone, etc)? Is this a case of everytime one uses Apple ID on the web, you get the challenge code on one of your devices? If not, what parameters does Apple remember to maintain authorization? Combo of IP address, browser type (Firefox, Safari etc)? Does this mean that I should web login on the 2 browsers on each of the 3 computers to trigger all the 2FA that could evr been needed later on? (trying to understand how that will work).