Configuring Multi-Factor Authentication for Secure Server Access
Introduction
Implementing MFA on ServerStadium’s infrastructure (VM Pricing, Dedicated Servers) is crucial for protecting sensitive data and systems. MFA requires users to present two or more verification factors to gain access, providing a higher level of security than single-factor authentication.
Prerequisites
- A ServerStadium VM or dedicated server (VM Pricing, Dedicated Servers).
- SSH access to the server.
- Basic knowledge of Linux server administration.
Step 1: Prepare Your ServerStadium Server
- Select a Server: Choose a ServerStadium server for setting up MFA.
- Server Setup:
sudo apt update
sudo apt upgrade
Step 2: Install and Configure Google Authenticator
- Install Google Authenticator:
Install the Google Authenticator PAM module:
sudo apt install libpam-google-authenticator
- Configure Google Authenticator for a User:
Run the Google Authenticator module to create a new secret key for a user:
google-authenticator
Follow the prompts to set up MFA. Scan the QR code with an MFA app on your smartphone.
Step 3: Configure SSH for MFA
- Edit SSHD PAM Configuration:
Edit the PAM configuration for SSH:
sudo nano /etc/pam.d/sshd
Add the following line:
auth <span class="hljs-keyword">required</span> pam_google_authenticator.so
- Edit SSHD Config:
Modify the SSH daemon configuration:
sudo nano /etc/ssh/sshd_config
Ensure the following line is included:
ChallengeResponseAuthentication <span class="hljs-built_in">yes</span>
- Restart SSH Service:
sudo systemctl restart sshd
Step 4: Test MFA
- SSH with MFA:
Try logging in via SSH to your server. You should now be prompted for both your password and the verification code from your MFA app.
Conclusion
MFA is now set up on your ServerStadium server, significantly enhancing your server’s security against unauthorized access. For additional security measures or support, visit our knowledge base or contact our support team.