Two Factor Authentication for Linux

miniOrange Two Factor Authentication (2FA) SSH Module provides a secure way to login into the linux servers that enhance the security and makes the brute force attacks more difficult. Two Factor Authentication (2FA) on top of SSH Access, adds an extra layer of security to increase the identity assurance and reduce risk and exposure. miniOrange Two Factor Authentication (2FA) module can be installed on Linux operating systems to add Two-Factor authentication on the top of local and Remote login.

miniOrange supports following Authentication Methods for Two Factor Authentication (2FA):

• miniOrange Push Notifications (miniOrange Authenticator App)
• miniOrange Soft Token (miniOrange Authenticator App)
• OTP Over SMS / Email
• Google Authenticator
• Hardware Token

The Module has been well tested on the following Linux distributions.

( If you have other than the following mentioned distributions please contact us )

• Ubuntu
• RHEL based systems
  e.g. Red Hat, CentOS

Step by step guide to enable Two Factor Authentication ​on SSH access (Linux):

Step 1: Enroll your user

• Sign up for miniOrange account.
• Login into miniOrange Admin Portal.
• Users can be added in miniOrange in 3 ways:

1. 1.1 Create user manually


• Navigate to Users section and click on Add User button.



• Create a user that matches your linux system logon username. Fill the user details and click on Create User.




1. 1.2 Configure Active Directory as user directory


• You can configure your AD connection in miniOrange admin portal and import your existing users from AD to miniOrange.



• Click here for step by step guide to configure Active Directory as a user store in miniOrange.


1. 1.3 Bulk upload users


• You can bulk upload your users by uploading the csv file.

Step 2: Configure 2FA Method

1. 2.1 Set 2FA method from admin dashboard:


• Navigate to Users section and click on Select from the Actions column.
• Select Reset Second Factor option.



• Select the 2FA method you want to assign to the user and click on Submit.



• Configure any 2FA method of your choice and click on Save.
• You can configure the 2FA methods from miniOrange dashboard. Click Here for the guide.
• To configure 2FA methods for end-users Click here.


2. 2.2 Set 2FA method from end user dashboard:


• Login as an end user in miniOrnage and click on Configure 2FA.

Step 3: Configure MO-SSH Module

• Install the following extensions which are required to proceed for further configuration.
  curl, jq and python
• Download the “mo-ssh” file.
• Open your Linux terminal and make sure you are the root user.
• Execute the following command to install “mo-ssh” module.
  # bash mo-ssh install < path >
  e.g. # bash mo-ssh install /usr/local/bin



• Enter the miniOrange account credentials.



• Proceed for the following steps once you have successfully logged in.
• Execute the below command to enable the Two Factor Authentication (2FA) for the users.
  ‹path of mo-ssh file› enable ‹local_username› ‹miniOrange_email› ‹phone_number›
  e.g. # /usr/local/bin enable ec2-user ec2user@xecurify.com ‹ your phone number ›



• Execute the below command to restart the sshd service.
  $ service sshd restart

Step 4: Test your setup

• Initiate SSH into your system.



• Enter your username.



• It will prompt for the Two Factor Authentication (2FA) verification.



• Enter the token.

For further details refer :
https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/