Secure your ssh with google two factor authentication in 10 minutes

Easily protect your servers against brute force and botnets like FritzFrog and other botnets and worms with the Google Authenticator pam module for ssh,just edit two files and you can add two factor authentication to your ssh session,then just use andOTP or google Authenticator, on your phone this provides an extra layer of security with a one time password for additional auth for your ssh sessions.

All commands used in the video are in the description below so you can simply copy and paste as you follow along.

Tools and Links used in this Video:

Commands used
Please make sure your time and timezone are correct on the server before starting
These commands are for Ubuntu 20.04 but should be very similar on most Linux varients.

To install the authenticatior
sudo apt-get install libpam-google-authenticator

Edit the ssh config file to change the Auth type to also Challenge Auth

sudo nano -w /etc/ssh/sshd_config
Change
ChallengeResponseAuthentication yes

Edit the pam.d module file for ssh to add in the google auth lib reference
sudo nano -w /etc/pam.d/sshd
Add this line to the file.

restart your ssh service

Run
google-authenticator

for the setup.
Answer yes to everything.
Please make sure you take a copy of the recovery keys supplied so you can get back into the box in case you loose your 2FA device.
Also make sure you leave a separate SSH session open or at least have console access to your server before making these changes.