Set up TOTP/Google authenticator on Centos 7

Remember to keep an SSH session open (in a separate terminal) while doing this.

  1. yum install google-authenticator
  2. google-authenticator
  3. follow steps, save backup stuff
  4. vim /etc/ssh/sshd_config:
    1. ChallengeResponseAuthentication yes ;
    PermitRootLogin yes ; PasswordAuthentication yes
  5. vim /etc/pam.d/ssh, add “auth required pam_google_authenticator.so” after the auth line with password.

Now you can also set up httpd to use this:

yum install mod_authnz_external.x86_64 ,

(will do this later)