Need to migrate your e-mails to a new server? Free and paid versions of our online tool available.
Hero Image

SSH TOTP MFA on RHEL 9

ssh rhel ssh

SSH TOTP MFA on RHEL 9

Step 1 – Install PAM module

dnf install -y google-authenticator-libpam

Step 2 – Configure for each user

google-authenticator
# time-based: y, update file: y, disallow reuse: y, rate limit: y

Scan QR code with an authenticator app (Aegis, Google Authenticator, etc.).

Step 3 – /etc/pam.d/sshd

auth required pam_google_authenticator.so

Step 4 – /etc/ssh/sshd_config

ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
UsePAM yes

Step 5 – Restart sshd

systemctl restart sshd 2>/dev/null || rcctl restart sshd
Previous Post Next Post