I have enabled the 2FA Auth with Google Authenticator in all my rigs, so each time someone joins my rigs using SSH, have to enter the user and password and then verify with the codes.
I first installed a lib:
apt install libpam-google-authenticator
Then used nano and modified /etc/pam.d/sshd adding this line at the end of the file:
auth required pam_google_authenticator.so
After that, I modified /etc/ssh/sshd_config and set to “yes” a line at config:
ChallengeResponseAuthentication yes
Restarted service using:
systemctl restart sshd.service
Then, logged in as user, the one enabled for ssh:
su user
And used:
google-authenticator
Took a screenshot of codes and QR.
Config questions were answered as yes, yes, yes, no, yes.
Finally, took my google Auth at my phone and scanned QR so I get my 2FA enabled at my rig.