How to secure access to your CentOS server using two-factor authentication

How to use two-factor authentication to protect CentOS server access security

Abstract: With the increase in network attacks, protecting server access security has become particularly important. Two-factor authentication is a way to enhance server security. This article will introduce how to use two-factor authentication on CentOS servers to improve access security.

Keywords: two-factor authentication, CentOS server, access security, code example

1. What is two-factor authentication

Two-factor authentication refers to passing Verify the user's identity using more than two different authentication factors. Common authentication elements include: password, fingerprint, token, etc. In traditional single-factor authentication, you only need to enter your username and password to log in, while two-factor authentication requires users to provide another form of identification in addition to their password to increase security.

In this article, we will implement two-factor authentication using two different authentication elements: password and token.

2. Configure the CentOS server

1. Install the required software packages

First, we need to install the required software packages. Enter the following command in the terminal:

sudo yum install -y epel-release
sudo yum install -y pam_radius_auth

2. Configure RADIUS server

RADIUS (Remote Authentication Dial-In User Service) server is used to verify the token. In this example, we will use FreeRADIUS as the RADIUS server.

Open the RADIUS server configuration file/etc/raddb/clients.conf and add the following:

client YOUR_SERVER_IP {
    secret          = YOUR_SHARED_SECRET
    shortname       = YOUR_SERVER_NAME
}

Replace YOUR_SERVER_IP with your server IP address and YOUR_SHARED_SECRET For the secret key shared between you and the RADIUS server, replace YOUR_SERVER_NAME with your server name.

Restart the RADIUS server for the changes to take effect.

3. Configure PAM module

PAM (Pluggable Authentication Modules) module is used to integrate token verification. Enter the following command in the terminal to open the PAM module configuration file:

sudo vi /etc/pam.d/sshd

Add the following content at the end of the file:

auth required pam_radius_auth.so debug

Save and close the file.

4. Reload the SSH service

Enter the following command in the terminal to reload the SSH service:

sudo systemctl restart sshd

3. Test two-factor authentication

Now we can test whether the two-factor authentication is successful.

1. Try to connect to the server via SSH

Enter the following command in the terminal to try to connect to the server via SSH:

ssh username@your_server_ip

Please note that the username here is your server username, your_server_ip is your server IP address.

2. Enter Password

When prompted for your password, enter your password and press Enter.

3. Enter the token code

Next, you will be prompted to enter the token code. Depending on the type of token you are using, enter the appropriate code and press Enter.

If the token code you entered is correct, you will successfully log in to the server.

4. Summary

By using two-factor authentication to secure access to CentOS servers, we can increase the security of the server. This article explains how to configure two-factor authentication on a CentOS server and provides corresponding code examples. I hope this article can help you better protect server access security.

Reference:

• https://www.tecmint.com/secure-ssh-with-two-factor-authentication-in-centos/

The above is the detailed content of How to secure access to your CentOS server using two-factor authentication. For more information, please follow other related articles on the PHP Chinese website!