This is a fork of the Google Authenticator
project, which includes
two-factor verification for SSH key-based logins via command defined in the
Clone the repository and run
sudo make install-ssh-key-verify. This will
build and install the necessary programs into
Once installed, run
google-authenticator to generate the secrets file. You
will need to install Google Authenticator
on your mobile device.
Finally, prepend the following to any key in
~/.ssh/authorized_keys that you
would like to protect:
This will cache the verification per IP address for 9 hours, meaning once you have successfully entered a secret, you will not have to from that location for another 9 hours.
Make sure your system clock is in sync with the planet. It's best to run NTP
or at the very least run
ntpdate periodically to make sure your system's
clock doesn't drift too far off reality.
Next, before logging out of your system, connect from another shell and verify you are able to login using the secret.