Created
April 23, 2022 18:36
Google Authenticator MFA for Ubuntu 22.04 LTS SSH: cloud-init
#cloud-config
locale: en_CA.UTF-8
locale_configfile: /etc/default/locale
package_update: true
package_upgrade: true
packages:
  - ca-certificates
  - libpam-google-authenticator
write_files:
  # Require an SSH public key AND a keyboard-interactive (PAM) step for every login.
  - path: /etc/ssh/sshd_config.d/10-google-authenticator.conf
    content: |
      UsePAM yes
      PasswordAuthentication no
      PubkeyAuthentication yes
      ChallengeResponseAuthentication yes
      AuthenticationMethods publickey,keyboard-interactive
  # Per-user TOTP state: secret, options, then one-time scratch codes.
  - path: /home/azureuser/.google_authenticator
    defer: true # defer so owner will already exist when file is written
    permissions: '0400'
    owner: azureuser:azureuser
    content: | # generate your own, this is just a demo example
      RPE43A2LUZJILNER5R3QLYN3BQ
      " RATE_LIMIT 3 30 1650715301
      " WINDOW_SIZE 3
      " TOTP_AUTH
      23326948
      20728507
      82538256
      36946945
      48208889
bootcmd:
  # Once per instance: replace each empty line in common-auth with the
  # pam_google_authenticator entry. With "sufficient", a valid code completes
  # the auth stack; a failed code falls through to the modules that follow.
  - [ cloud-init-per, instance, enable_pam_mfa, sed, -i, -e, 's/^$/\nauth sufficient pam_google_authenticator.so\n/', /etc/pam.d/common-auth ]
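
The demo secret and scratch codes above are meant to be replaced. The following is an added example, not part of the original gist: it builds fresh `.google_authenticator` content in the same layout and computes the RFC 6238 code so the authenticator app can be checked against the secret before deploying. Function names are illustrative, and the 8-digit scratch-code range is an assumption based on the demo values.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def new_secret(nbytes=16):
    """Random 128-bit secret as unpadded base32 (26 chars, like the demo)."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def render_state_file(secret, scratch_codes=5):
    """Return file content using the same option lines as the demo file."""
    # A fresh file has no recorded attempt timestamp after RATE_LIMIT 3 30.
    lines = [secret, '" RATE_LIMIT 3 30', '" WINDOW_SIZE 3', '" TOTP_AUTH']
    # Assumption: scratch codes are 8 digits with no leading zero.
    lines += [str(10_000_000 + secrets.randbelow(90_000_000))
              for _ in range(scratch_codes)]
    return "\n".join(lines) + "\n"


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 for a base32 secret."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    import time
    secret = new_secret()
    # Paste this under "content: |" in the write_files entry.
    print(render_state_file(secret), end="")
    print("# code the app should show now:", totp(secret, time.time()))
```

cloud-init keeps a copy of the user-data on the instance under /var/lib/cloud, so a secret delivered this way should be treated as exposed to anyone who can read the user-data.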