jeffgeiger · March 13, 2018 03:40 · Feb 3, 2017 · Feb 3, 2017
diff --git a/SSH_2FA_Google.md b/SSH_2FA_Google.md
@@ -4,6 +4,7 @@
 # Also note, the repo has moved, so you need to adjust the git path:
 # https://github.com/google/google-authenticator-libpam
 
+sudo yum install epel-release -y
 sudo yum install qrencode qrencode-devel qrencode-libs
 sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
 google-authenticator  #per-user setup

diff --git a/SSH_2FA_Google.md b/SSH_2FA_Google.md
@@ -0,0 +1,26 @@
+```  
+## Build RPM as per https://github.com/google/google-authenticator-libpam/blob/master/contrib/README.rpm.md
+# Do this elsewhere, you don't want dev tools on a box you're trying to secure.  ;) 
+# Also note, the repo has moved, so you need to adjust the git path:
+# https://github.com/google/google-authenticator-libpam
+
+sudo yum install qrencode qrencode-devel qrencode-libs
+sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
+google-authenticator  #per-user setup
+sudo vim /etc/pam.d/sshd
+# Add (top item)
+# ---
+auth       sufficient   pam_google_authenticator.so
+# ---
+
+sudo vim /etc/ssh/sshd_config
+# Modify /etc/ssh/sshd_config  (Add/change the following)
+# ---
+ChallengeResponseAuthentication yes
+UsePAM yes
+AuthenticationMethods publickey,keyboard-interactive
+PasswordAuthentication no
+# ---
+
+systemctl restart sshd
+```
No results found