Sudo Two-Factor Authentication¶
Two factor authentication for Sudo access gives you an awesome security enhancement so that a hacker still will not be able to use sudo, i.e. admin privileges, even if they have discovered your password.
This can be done using PAM (Pluggable Authentication Modules).
Install libpam-google-authenticator
.
Set up Google Authenticator
yes
to time based tokens.- Scan the QR code with your prefered authenticator app.
- Save the emergency backup codes in a secure place.
Edit the PAM configuration for sudo.
Add the following line at the top (before any other auth lines)
Test the setup
Note, if you want 2FA with cockpit. Do the same thing to that file:
Add the following line at the top (before any other auth lines)