Setup virtual network interface on your system.
(for example: tun0, kvm network)
(example ip : 10.0.0.2)
setup google authenticator access list file.
# vi /etc/security/access-local.conf
------------------------------------------------------------
+ : ALL : xxx.xxx.xxx.0/24 # your inside network
+ : ALL : LOCAL # Local host
- : ALL : ALL # all other's IP need google Auth.
------------------------------------------------------------
Add above rule at the pam file.
# vi /etc/pam.d/sshd
------------------------------------------------------------
------------------------------------------------------------
Add above rule at the pam file.
# vi /etc/pam.d/sshd
------------------------------------------------------------
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
------------------------------------------------------------
Change shellinabox configuration using SSH at OPTS (virtual device ip: 10.0.0.2)
# vi /etc/sysconfig/shellinaboxd
-------------------------------------------------------------
OPTS="-s /:SSH:10.0.0.2"
-------------------------------------------------------------
restart daemon
# systemctl restart shellinaboxd
if you login with web then you can see asking google Auth. before password.