Two Factor Authentication for Linux Logon and SSH Access

miniOrange 2FA SSH Module provides a secure way to login into the linux servers that enhance the security and makes the brute force attacks more difficult. 2FA on top of SSH Access, adds an extra layer of security to increase the identity assurance and reduce risk and exposure. miniOrange 2FA module can be installed on Linux operating systems to add Two-Factor authentication on the top of local and Remote login.

miniOrange supports following Authentication Methods for 2FA:

• miniOrange Push Notifications (miniOrange Authenticator App)
• miniOrange Soft Token (miniOrange Authenticator App)
• OTP Over SMS / Email
• Google Authenticator
• Hardware Token

The Module has been well tested on the following Linux distributions.

( If you have other than the following mentioned distributions please contact us )

• Ubuntu
• RHEL based systems
  e.g. Red Hat, CentOS

Step by step guide to enable 2 Factor Authentication ​on SSH access(Linux) :

Step 1: Enroll your user

• Sign up for miniOrange account.
• Login into miniOrange Admin Portal.
• Users can be added in miniOrange in 3 ways:
1. 1. Create user manually.
• Navigate to Users section and click on Add User button.



• Create a user that matches your linux system logon username. Fill the user details and click on Create User.




2. 2. You can configure your AD connection in miniOrange admin portal and import your existing users from AD into
   miniOrange.



3. 3. You can bulk upload your users by providing the csv file.

---

Step 2: Configure 2FA method for your users

1. 1. Set 2FA method from admin dashboard:


• Navigate to Users section and click on Select from the Actions column.
• Select Reset Second Factor option.



• Select the 2FA method you want to assign to the user and click on Submit.



2. 2. Set 2FA method from end user dashboard.

---

Step 3: Configure MO-SSH Module

• Install the following extensions which are required to proceed for further configuration.
  curl, jq and python
• Download the “mo-ssh” file.
• Open your Linux terminal and make sure you are the root user.
• Execute the following command to install “mo-ssh” module
  # bash mo-ssh install < path >
  e.g. # bash mo-ssh install /usr/local/bin



• Enter the miniOrange account credentials.



• Proceed for the following steps once you have successfully logged in.
• Execute the below command to enable the 2FA for the users.
  ‹path of mo-ssh file› enable ‹local_username› ‹miniOrange_email› ‹phone_number›
  e.g. # /usr/local/bin enable ec2-user ec2user@xecurify.com +917894567894



• Execute the below command to restart the sshd service.
  $ service sshd restart

---

Step 4: Test your setup

• Initiate SSH into your system.



• Enter your username.



• It will prompt for the 2FA verification.



• Enter the token.