Secure your server by setting up Google Authenticator to use Linode 2FA with SSH. Our Linode Support team is ready to assist you.
Installing Google Authenticator for Secure Authentication
In today’s digital world, passwords alone can’t guarantee security. Google Authenticator adds a second layer of protection with time-based codes that verify your identity. It’s simple, reliable, and works even without an internet connection. Read this article to learn how to install Google Authenticator.
What is Google Authenticator
Google Authenticator is a trusted security app from Google that adds an extra layer of protection through two-factor authentication. It generates time-based, one-time passwords that work alongside your regular login credentials.
Unlike text message codes, it operates completely offline, making it reliable even without internet access. Each code refreshes every few seconds and is valid for one use only, greatly reducing the chance of unauthorized access.
This method can also complement backup procedures for critical systems, making it easier to secure your backup disk image for Windows.
Key Features
- Creates new codes every 30 to 60 seconds
- Allows only one-time use for each code
- Supports multiple accounts in one place
- Works offline with optional cloud sync
- Enables quick setup through QR or manual entry
Using Google Authenticator greatly enhances login security for both personal accounts and servers.
Installing and Configuring Google Authenticator
Google Authenticator can be set up on mobile devices for personal use or on Linux servers to secure system logins.
Stronger Security is Just Minutes Away
Step 1: Install the PAM Module
To secure SSH access, install the PAM package that enables two-factor authentication.
For Debian or Ubuntu
sudo apt install libpam-google-authenticatorFor RHEL or Fedora
sudo dnf install epel-release -y
sudo dnf install google-authenticator qrencode-libs -yStep 2: Generate the Key
Run the command:
google-authenticatorSelect time-based authentication and scan the QR code displayed on your screen using the Google Authenticator app. A new entry will appear on your phone showing your username and host.
Save the emergency scratch codes in a secure location. These backup codes can be used once each if you lose your device.
For databases hosted on Linode, using Google Authenticator ensures that Linode is the ideal platform for your MongoDB database with secure 2FA access.
When prompted, confirm the following:
- Update your user configuration file
- Restrict reuse of codes for better security
- Keep default time synchronization
- Enable rate limiting to prevent repeated login attempts
Step 3: Configure Authentication
Open the PAM configuration file:
sudo nano /etc/pam.d/sshdAdd:
auth required pam_unix.so no_warn try_first_pass
auth required pam_google_authenticator.soThen open the SSH configuration file:
sudo nano /etc/ssh/sshd_configEnsure this line is active:
KbdInteractiveAuthentication yesAdd user-specific authentication if needed:
Match User example-user
AuthenticationMethods keyboard-interactiveRestart the SSH service to apply changes:
sudo systemctl restart sshdStep 4: Test the Setup
Log in to your server through SSH. After entering your password, you’ll be prompted for a verification code. Open the Google Authenticator app, enter the current code, and complete your login securely.
Strengthen Your Login Security
With Google Authenticator, every login becomes more secure and reliable. Set it up today to protect your system and prevent unauthorized access with an extra layer of verification.
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
Secure your server effectively by adding two-factor authentication. Follow this guide to use Linode 2FA with SSH and protect your system from unauthorized access.
In brief, our Support Experts demonstrated how to fix the “554 5.7.1 : Relay access denied” error.
