How to Use Two-Factor Authentication with Ubuntu

Two-Factor Authentication with Ubuntu

Two-Factor Authentication with Ubuntu: Over time, the normal username and password authentication have proven inadequate in providing robust security to applications and systems. Usernames and passwords can easily be cracked employing a plethora of hacking tools. leaving your system at risk of breaches. For this reason, any company or entity that takes security seriously has to implement 2-Factor authentication.

Colloquially referred to as MFA (Multi-Factor Authentication). 2-Factor Authentication provides an additional layer of security. That needs users to provides certain details like codes, or OTP (One Time Password) before. After authenticating with the standard username and password.

Nowadays multiple companies like Google, Facebook, Twitter, and AWS, to say some provide users. The selection of putting in MFA to further protect their accounts.

In this guide, we demonstrate how you’ll be able to use Two-Factor Authentication with Ubuntu.

Install Google’s PAM Package | Two-Factor Authentication with Ubuntu

First off, install the Google PAM package. PAM, an abbreviation for Pluggable Authentication Module could be a mechanism. That gives an additional layer of authentication on the Linux platform.
The package is hosted on the Ubuntu repository. So proceed and use the apt command to put in it as follows:

sudo apt install libpam-google-authenticator

It will be prompted, hit 'Y' and press ENTER to continue.

Additionally, you have to put in the Google Authenticator application on your smartphone. The app will show you a 6 digit OTP code that auto-renews every 30 seconds.

Configure Google PAM in Ubuntu

With the help of the Google Authenticator app. We will configure the Google PAM package on Ubuntu by modifying it. The config file /etc/pam.d/common-auth file as shown.

sudo vim /etc/pam.d/common-auth

Uncomment the line below in the file.

auth required
Two-Factor Authentication with Ubuntu

Save the file and exit.

run the below command to initialize the PAM.

$ google-authenticator

This will evoke a pair of questions on your terminal screen. First, you’ll be asked if you would like authentication tokens to be time-based.

Two-Factor Authentication with Ubuntu

Time-based authentication tokens expire after a specific time. By default, this is often after 30 secs, upon which a brand new set of tokens is generated. These tokens are considered safer than non-time-based tokens, and thus, type ‘y’ for yes and hit ENTER.

Next, a QR code is going to be displayed on the terminal as shown below and right below it. some information is going to be displayed. the knowledge displayed includes:

  • Secret key
  • Verification code
  • Emergency scratch codes

You need to save lots of this information to a vault for future reference.
Launch the Google Authenticator App on your smart device. Choose ‘Scan QR code’ to scan the QR code presented.

You need to maximize the terminal window for the scan of the complete QR code. Once the QR code is scanned, a six-digit OTP that changes every 30 seconds is displayed on the App.

About the author


Leave a Comment