-
Notifications
You must be signed in to change notification settings - Fork 2
/
centos7_2_factor_authentication.sh
40 lines (31 loc) · 1.07 KB
/
centos7_2_factor_authentication.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/sh
# Google Authenticator 2 factor authentication install script for CentOS 7
yum -y update
yum -y groupinstall "Development Tools"
# authentication policies
yum -y install pam-devel
# ntp
yum -y install ntp
#chkconfig ntpd on
#service ntpd start
systemctl start ntpd.service
systemctl enable ntpd.service
# git
yum -y install git
# google authenticator
#yum -y install google-authenticator
git clone https://github.com/google/google-authenticator
cd google-authenticator/libpam
./bootstrap.sh
./configure
make
make install
cp /usr/local/lib/security/pam_google_authenticator.* /usr/lib64/security/
cd ../../
rm -rf google-authenticator
google-authenticator -tdf --rate-limit=3 --rate-time=30 --window-size=17
# active 2 factor authentication
sed -i '/#%PAM/a auth\ \ \ \ \ \ \ required\ \ \ \ \ pam_google_authenticator.so' /etc/pam.d/sshd
sed -i 's/#ChallengeResponseAuthentication\ yes/ChallengeResponseAuthentication\ yes/g' /etc/ssh/sshd_config
sed -i 's/ChallengeResponseAuthentication\ no/#ChallengeResponseAuthentication\ no/g' /etc/ssh/sshd_config
systemctl reload sshd