How to use two-factor authentication to protect CentOS server access security
Abstract: With the increase in network attacks, protecting server access security has become particularly important. Two-factor authentication is a way to enhance server security. This article will introduce how to use two-factor authentication on CentOS servers to improve access security.
Keywords: two-factor authentication, CentOS server, access security, code example
1. What is two-factor authentication
Two-factor authentication refers to passing Verify the user's identity using more than two different authentication factors. Common authentication elements include: password, fingerprint, token, etc. In traditional single-factor authentication, you only need to enter your username and password to log in, while two-factor authentication requires users to provide another form of identification in addition to their password to increase security.
In this article, we will implement two-factor authentication using two different authentication elements: password and token.
2. Configure the CentOS server
First, we need to install the required software packages. Enter the following command in the terminal:
sudo yum install -y epel-release sudo yum install -y pam_radius_auth
RADIUS (Remote Authentication Dial-In User Service) server is used to verify the token. In this example, we will use FreeRADIUS as the RADIUS server.
Open the RADIUS server configuration file/etc/raddb/clients.conf
and add the following:
client YOUR_SERVER_IP { secret = YOUR_SHARED_SECRET shortname = YOUR_SERVER_NAME }
Replace YOUR_SERVER_IP with your server IP address and YOUR_SHARED_SECRET For the secret key shared between you and the RADIUS server, replace YOUR_SERVER_NAME with your server name.
Restart the RADIUS server for the changes to take effect.
PAM (Pluggable Authentication Modules) module is used to integrate token verification. Enter the following command in the terminal to open the PAM module configuration file:
sudo vi /etc/pam.d/sshd
Add the following content at the end of the file:
auth required pam_radius_auth.so debug
Save and close the file.
Enter the following command in the terminal to reload the SSH service:
sudo systemctl restart sshd
3. Test two-factor authentication
Now we can test whether the two-factor authentication is successful.
Enter the following command in the terminal to try to connect to the server via SSH:
ssh username@your_server_ip
Please note that the username here is your server username, your_server_ip is your server IP address.
When prompted for your password, enter your password and press Enter.
Next, you will be prompted to enter the token code. Depending on the type of token you are using, enter the appropriate code and press Enter.
If the token code you entered is correct, you will successfully log in to the server.
4. Summary
By using two-factor authentication to secure access to CentOS servers, we can increase the security of the server. This article explains how to configure two-factor authentication on a CentOS server and provides corresponding code examples. I hope this article can help you better protect server access security.
Reference:
The above is the detailed content of How to secure access to your CentOS server using two-factor authentication. For more information, please follow other related articles on the PHP Chinese website!