2019
01.10

1/3 2FA with Google Authenticator

add your SSH keys to the host

creating ed25519 SSH keys

configure sshd

sudo vim /etc/pam.d/sshd


2     auth required pam_google_authenticator.so
...
5     # @include common-auth

sudo vim /etc/ssh/sshd_config

37    PubkeyAuthentication yes
...
56    PasswordAuthentication no
...
61    ChallengeResponseAuthentication yes
...
84    UsePAM yes
...
123    Match User USERNAME
124        AuthenticationMethods publickey,keyboard-interactive

 

restart sshd service

sudo systemctl restart sshd.service

2019
01.10

SSH key creation

$ ssh-keygen -t ed25519

Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/USERNAME/.ssh/id_ed25519):

enter a passphrase

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/USERNAME/.ssh/id_ed25519_test.
Your public key has been saved in /home/USERNAME/.ssh/id_ed25519_test.pub.
The key fingerprint is:
SHA256:SHA256-HASH USERNAME@HOSTNAME
The key's randomart image is:
+--[ED25519 256]--+
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
|.................|
+----[SHA256]-----+

copy SSH key to remotehost

ssh-copy-id username@remotehost

or manually copy .ssh/id.ed25519.pub into .ssh/authorized_key on your remotehost