Secure SSH with Google Authenticator Two-Factor Authentication on CentOS 7 Might give this a try. @eva2000 might be a nice add for centmin mod... extra layer of security.
Yeah leave it to end users as once you loose your phone you'd be in trouble. I use 2 step but i have my GA codes sync'd to 3x phones + 3x tablets
Also an added bonus if GA is linked to your phone number with iMessage...you can also receive authentication codes via Messages app on OS X
Thats the issue with GA. I had issues when I got a new phone and wiped the old one after forgetting about GA. Took a while to regain access to my accounts. Authy handles this alot better.
Theres always this GitHub - authy/authy-ssh: Easy two-factor authentication for ssh servers but they charge you up to $0.09 per auth after 100 auths per month.
Found this Use One-Time Passwords for Two-Factor Authentication with SSH on CentOS 7 but in my opinion unless you have national secrets on your server it seems overkill
Yeah Authy does it better. This would be be something to look at it next dev release after 123.09beta01 goes stable
I'm unclear why people say about losing their phone and they'd be out of luck - heard that many places. I always copy the security key vs. scanning the qr code. I actually use GAuth Chrome Extension, never used my phone. Even if I delete the chrome extension, as long as I have the security key, I can just enter it again. Have to check out the other one posted here.
You're right, but most people including myself are either too lazy or couldn't be bothered to save the security key or backup codes. Google just needs to add a transfer phones or backup option.
nice what repo has google-authenticator in it for centos 7, can't seem to install it, i already have epel and remi
yes there is but if you loose those emergency codes ? also by default GA on server is set for time based authentication so as that screenshot says, time skew between client and server
have to manually install it work i did on this 4+ months ago outlined in a gist and tested on centmin mod 123.09beta01 centos 7 local server 2FA for centminmod · GitHub also some lines are for ntp test routines to ensure server clock doesn't time drift/skew - some code made it into 123.09beta01 already for ntp tests. Though still weighing up if ntpd is best way to manage time sync for server versus newer alternatives to ntpd like ntpsec and chrony could be problematic on openvz systems as ntp isn't used as openvz gets time from openvz host node so if they experiences time skew/drift !
ya if that't the case i'll hold off on installing it then, i wanted an easy way to remove it if things go sideways
The OP yum install google-authenticator doesn't work. Found a good tut below - though I haven't tried it yet because of the Super Bowl... tomorrow. RHEL 7 Two-Factor SSH Via Google Authenticator