Posted
Filed under Computer/Linux
Already installed shellinabox and setup Google authenticator for your account.

Setup virtual network interface on your system.
(for example: tun0, kvm network)
(example ip : 10.0.0.2)

setup google authenticator access list file.
# vi /etc/security/access-local.conf
------------------------------------------------------------
+ : ALL : xxx.xxx.xxx.0/24  # your inside network
+ : ALL : LOCAL    # Local host 
- : ALL : ALL   # all other's IP need google Auth.
------------------------------------------------------------

Add above rule at the pam file.
# vi /etc/pam.d/sshd
------------------------------------------------------------
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
------------------------------------------------------------

Change shellinabox configuration using SSH at OPTS (virtual device ip: 10.0.0.2)
# vi /etc/sysconfig/shellinaboxd
-------------------------------------------------------------
OPTS="-s /:SSH:10.0.0.2"
-------------------------------------------------------------


restart daemon
# systemctl restart shellinaboxd

if you login with web then you can see asking google Auth. before password.
2020/12/11 03:53 2020/12/11 03:53
[로그인][오픈아이디란?]