Store these scratch codes somewhere safe – Do not save these on the same local device, in case of lose or theft. Your new secret key is: 2445XXXXJ5L6MQ575PXXXXXX
Now, lets concentrate on properly storing the following information before finishing the configuration. Open your Authenticator App of choice and scan the MFA QR Code that is on your screen. Step 2: Setup MFA on local user google-authenticatorĪt this point, carefully read through the prompts and select the options that make more sense to you. Step 1: Install G-Auth – The tools for sudo apt install libpam-google-authenticator I will not be covering such configuration. There are some additional steps in securing cloud instances, such as Digital Ocean headless droplets. I am performing these steps on a Ubuntu Server 19. Lets get started by SSH’ing into your Ubuntu machine. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.ĭefense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. Multi-factor authentication combines two or more independent credentials: what the user knows ( password), what the user has ( security token) and what the user is ( biometric verification). Last Pass has a free option available and you can find Google Authenticator on your device’s App Store/Play Store.
Finally, for those who use SecureCRT, there is one configuration change to make to your saved sessions for ease of use and compatibility. For my AuthCodes I will also be using LastPass Authenticator, even though I am installing Google Auth on the Ubuntu instance. LastPass is utilizing my YubiKey which FIDO2, FIDO U2F, one-time password (OTP), OpenPGP and smart card, choice of form factors for desktop or laptop as a form of MFA to authenticate to the cloud service. We will install Google-Auth on a Ubuntu Server-19 and store the Scratch Codes in our LastPass Vault.
This short article will go over how I’m practicing defense in depth to secure my Linux SSH access for critical infrastructure.
0 kommentar(er)
