
2FA is not working with Ubuntu AWS instance


I worked on setting up 2FA for SSH on an EC2 instance. But after the setup, the instance still does not ask for a 2FA code and directly logs my user, i.e. ubuntu, into the server.

I did the following steps to set up 2FA:

  1. Install Google Authenticator PAM module.

    sudo apt install libpam-google-authenticator

  2. Add the following line to /etc/pam.d/sshd:

    auth required pam_google_authenticator.so

  3. Restart ssh:

    sudo systemctl restart sshd.service

  4. Update sshd_config with the following:

    ChallengeResponseAuthentication yes
    PasswordAuthentication no

  5. Run command google-authenticator

Please help me resolve this issue. Thanks in advance.


Solution

  • I was facing this issue because another configuration was enabled. PubKeyAuthentication was used instead of the authenticator. I changed it to PubKeyAuthentication no, which resolved the issue.
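
The check below is an added example, not part of the original question or answer: it reads effective sshd settings in the format printed by `sudo sshd -T` and lists every way a login can finish without the PAM verification-code prompt. It goes beyond the case in the answer by also evaluating `AuthenticationMethods`; the function names and the sample configurations are constructed for illustration.

```python
# Added example: input is text in the format printed by `sshd -T`
# (one lowercase keyword and its value per line). Sample values are constructed.

def parse_effective(text):
    """Return {keyword: value} from `sshd -T`-style lines."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            cfg[parts[0].lower()] = parts[1].strip().lower() if len(parts) > 1 else ""
    return cfg

def totp_skip_reasons(text):
    """List the reasons a login can finish without the PAM code prompt."""
    cfg = parse_effective(text)
    reasons = []
    if cfg.get("usepam", "no") != "yes":
        reasons.append("UsePAM is not yes, so /etc/pam.d/sshd is never consulted")
    # Older releases print challengeresponseauthentication, newer ones
    # kbdinteractiveauthentication; require every one that is present to be yes.
    kbd = [cfg[k] for k in ("kbdinteractiveauthentication",
                            "challengeresponseauthentication") if k in cfg]
    if not kbd or any(v != "yes" for v in kbd):
        reasons.append("keyboard-interactive is disabled, so no code prompt is shown")
    methods = cfg.get("authenticationmethods", "any")
    if methods == "any":
        # With no required chain, any single enabled method completes the login.
        if cfg.get("pubkeyauthentication", "yes") == "yes":
            reasons.append("a public key alone completes the login")
    else:
        for chain in methods.split():
            names = [m.split(":")[0] for m in chain.split(",")]
            if "keyboard-interactive" not in names:
                reasons.append("method list '%s' has no keyboard-interactive step" % chain)
    return reasons

ASKER = """usepam yes
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
authenticationmethods any
"""
ANSWER_FIX = ASKER.replace("pubkeyauthentication yes", "pubkeyauthentication no")
KEY_PLUS_CODE = ASKER.replace("authenticationmethods any",
                              "authenticationmethods publickey,keyboard-interactive")

if __name__ == "__main__":
    for name, text in [("asker", ASKER), ("answer", ANSWER_FIX), ("key+code", KEY_PLUS_CODE)]:
        print(name, totp_skip_reasons(text) or "code prompt is required")
```

`KEY_PLUS_CODE` models a setup where the key stays enabled and the code is required as a second step; it also returns no skip reasons.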