1. Intro
I want to configure OTP for SSH connections to a CentOS server.
2. Setup
2.1. Install packages
yum install -y libtool pam-devel ntp git
2.2. Set up ntpd
The reason for using ntpd is that OTP is time-based.
service ntpd start
chkconfig ntpd on
chkconfig --list ntpd
2.3. git clone & set up Google OTP
cd /usr/local/src
git clone https://github.com/google/google-authenticator-libpam
cd google-authenticator-libpam
./bootstrap.sh
./configure --libdir=/lib64
make install
2.4. Set up pam.d and sshd config
# pam.d
# nullok: only accounts that have set up OTP use OTP / without nullok: all accounts use OTP
vi /etc/pam.d/sshd
auth required pam_google_authenticator.so nullok

# sshd_config
vi /etc/ssh/sshd_config
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes

service sshd restart
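A check to run on the two files from step 2.4 before restarting sshd, added here as an example and not part of the original post. The function names are made up for illustration, and the script assumes the settings sit in the global part of sshd_config (it does not interpret Match blocks).

```shell
#!/bin/sh
# Added example: audit the files edited in step 2.4. Paths are parameters so
# the functions can be pointed at copies of the real files.

# Print the value of an sshd_config keyword (keywords are case-insensitive and
# the first occurrence wins), or "unset" if no uncommented line sets it.
sshd_opt() {  # $1 = sshd_config path, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Classify the pam_google_authenticator line of a PAM service file:
#   missing  - module not configured
#   optional - nullok present: accounts without an OTP secret are not asked for a code
#   enforced - no nullok: every account needs an OTP secret to log in
pam_otp_mode() {  # $1 = PAM service file, e.g. /etc/pam.d/sshd
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_google_authenticator\.so' "$1" | head -n 1)
    if [ -z "$line" ]; then
        echo missing
    elif printf '%s\n' "$line" | grep -qw nullok; then
        echo optional
    else
        echo enforced
    fi
}

# Combined verdict; returns non-zero if OTP cannot work with these files.
audit_ssh_otp() {  # $1 = sshd_config, $2 = PAM service file
    rc=0
    for key in ChallengeResponseAuthentication UsePAM; do
        val=$(sshd_opt "$1" "$key")
        [ "$val" = yes ] || { echo "FAIL: $key is $val, expected an explicit yes"; rc=1; }
    done
    case $(pam_otp_mode "$2") in
        missing)  echo "FAIL: pam_google_authenticator.so not found in $2"; rc=1 ;;
        optional) echo "WARN: nullok set, accounts without an OTP secret skip the OTP step" ;;
        enforced) echo "OK: OTP required for all accounts" ;;
    esac
    return $rc
}

# Run directly as: sh audit.sh /etc/ssh/sshd_config /etc/pam.d/sshd
if [ "$#" -eq 2 ]; then audit_ssh_otp "$1" "$2"; fi
```

The WARN case is the configuration shown on this page: with nullok, any account that has not yet completed step 2.6 logs in without a code.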
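2.5. Disable SELinux
sestatus
setenforce 0
# /etc/sysconfig/selinux is a symlink to /etc/selinux/config;
# --follow-symlinks makes sed edit the target instead of replacing the link
sed -i --follow-symlinks "s/SELINUX=enforcing/SELINUX=disabled/" /etc/sysconfig/selinux
sestatus
reboot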
2.6. Account OTP settings
# Log in as the account, then move to the account's home directory
su - [username]
cd
google-authenticator
y → y → y → y