google-authenticator

安裝方式一：
Liunx

yum -y install epel-release
yum -y install google-authenticator

ubuntu

sudo apt update
sudo add-apt-repository universe
sudo apt install libpam-google-authenticator

安裝方式二：
Liunx

yum install -y git make gcc libtool pam-devel qrencode ntpdate

git clone https://github.com/google/google-authenticator-libpam.git
cd   google-authenticator-libpam/
./bootstrap.sh
./configure
make
make install

ubuntu

sudo apt-get  -y install autoconf  git make gcc libtool libpam0g-dev qrencode ntpdate

git clone https://github.com/google/google-authenticator-libpam.git
cd   google-authenticator-libpam/
./bootstrap.sh
./configure
sudo make
sudo make install

配置ssh

vim /etc/ssh/sshd_config    #ubuntu   sudo

修改以下的配置項：

ChallengeResponseAuthentication yes
UsePAM yes

配置PAM

vim /etc/pam.d/sshd      #ubuntu   sudo

Liunx

#%PAM-1.0
auth      required     pam_google_authenticator.so   #添加至第一行

ubuntu

auth      required      pam_google_authenticator.so       #末尾添加

重啓ssh

systemctl restart sshd     #ubuntu   sudo

配置google authenticator
首要條件：先切換到你須要設置的賬號

google-authenticator

Do you want authentication tokens to be time-based (y/n)  #基於時間生成身份驗證
#已經安裝qrencode會產生一個二維碼，二維碼鏈接也能夠URL顯示
Your new secret key is ：***********   # 密鑰key
Your verification code is : #code 動態碼
Your emergency scratch codes are:  #  生成5 個緊急救助碼
Do you want me to update your "/root/.google_authenticator" file? (y/n)  #一直確認下去
# 生成了一個 .google_authenticator 文件

your chances to notice or even prevent man-in-the-middle attacks (y/n)  #一直確認下去
Do you want to do so? (y/n)   #一直確認下去
Do you want to enable rate-limiting? (y/n)  #設置完成

#上面的意思大概爲：禁止屢次使用相同的身份驗證，限制每30秒登陸一次，移動端每30秒更新一次，移動端和客戶端時間偏差30秒，30秒內不能超過3次登陸。

若是須要刪除一個用戶的Google驗證，刪除這個用戶下產生的home/.google_authenticator文件便可