Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Two Factor Authentication (2FA) for Linux Logon and SSH Access
miniOrange Two Factor Authentication (2FA) SSH Module provides different 2FA methods for Linux system to local and remote login.

Two Factor Authentication for Linux

miniOrange Two Factor Authentication (2FA) SSH Module provides a secure way to login into the linux servers that enhance the security and makes the brute force attacks more difficult. Two Factor Authentication (2FA) on top of SSH Access, adds an extra layer of security to increase the identity assurance and reduce risk and exposure. miniOrange Two Factor Authentication (2FA) module can be installed on Linux operating systems to add Two-Factor authentication on the top of local and Remote login.


miniOrange supports following Authentication Methods for Two Factor Authentication (2FA):

  • miniOrange Push Notifications (miniOrange Authenticator App)
  • miniOrange Soft Token (miniOrange Authenticator App)
  • OTP Over SMS / Email
  • Google Authenticator
  • Hardware Token

The Module has been well tested on the following Linux distributions.

( If you have other than the following mentioned distributions please contact us )

  • Ubuntu
  • RHEL based systems
    e.g. Red Hat, CentOS

Step by step guide to enable Two Factor Authentication ​on SSH access (Linux):

Step 1: Enroll your user

  • Sign up for miniOrange account.
  • Login into miniOrange Admin Portal.
  • Users can be added in miniOrange in 3 ways:
    1. 1.1 Create user manually

      • Navigate to Users section and click on Add User button.
      • Two Factor Authentication (2FA) for linux add user section

      • Create a user that matches your linux system logon username. Fill the user details and click on Create User.
      • Two Factor Authentication (2FA) for linux create user


    1. 1.2 Configure Active Directory as user directory

      • You can configure your AD connection in miniOrange admin portal and import your existing users from AD to miniOrange.
      • Two Factor Authentication (2FA) for linux configure ad connection

      • Click here for step by step guide to configure Active Directory as a user store in miniOrange.

    1. 1.3 Bulk upload users

      • You can bulk upload your users by uploading the csv file.
      • Two Factor Authentication (2FA) for linux bulk upload user by csv


Step 2: Configure 2FA Method

  1. 2.1 Set 2FA method from admin dashboard:

    • Navigate to Users section and click on Select from the Actions column.
    • Select Reset Second Factor option.
    • Two Factor Authentication (2FA)for linux navigate to user section

    • Select the 2FA method you want to assign to the user and click on Submit.
    • Two Factor Authentication (2FA) for linux select any 2fa method

    • Configure any 2FA method of your choice and click on Save.
    • You can configure the 2FA methods from miniOrange dashboard. Click Here for the guide.
    • To configure 2FA methods for end-users Click here.

  2. 2.2 Set 2FA method from end user dashboard:

    • Login as an end user in miniOrnage and click on Configure 2FA.
    • Two Factor Authentication (2FA) for linux set 2fa method

Step 3: Configure MO-SSH Module

  • Install the following extensions which are required to proceed for further configuration.
    curl, jq and python
  • Download the “mo-ssh” file.
  • Open your Linux terminal and make sure you are the root user.
  • Execute the following command to install “mo-ssh” module.
    # bash mo-ssh install < path >
    e.g. # bash mo-ssh install /usr/local/bin
  • Two Factor Authentication (2FA) for linux ssh install

  • Enter the miniOrange account credentials.
  • Two Factor Authentication (2FA) for linux ssh credentials

  • Proceed for the following steps once you have successfully logged in.
  • Execute the below command to enable the Two Factor Authentication (2FA) for the users.
    ‹path of mo-ssh file› enable ‹local_username› ‹miniOrange_email› ‹phone_number›
    e.g. # /usr/local/bin enable ec2-user ec2user@xecurify.com ‹ your phone number ›
  • Two Factor Authentication (2FA) for linux enable 2fa

  • Execute the below command to restart the sshd service.
    $ service sshd restart
  • Two Factor Authentication (2FA) for linux restart

Step 4: Test your setup

  • Initiate SSH into your system.
  • Two Factor Authentication (2FA) for linux initiate ssh into system

  • Enter your username.
  • Two Factor Authentication (2FA) for linux enter username

  • It will prompt for the Two Factor Authentication (2FA) verification.
  • Two Factor Authentication (2FA) for linux prompt for 2fa

  • Enter the token.
  • Two Factor Authentication (2FA) for linux access enter token


For further details refer :
https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/

We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.

Please call us at +1978 658 9387 (US), +91 77966 99612 (India) or email us at info@xecurify.com