Table of Contents
This tip is about the how to Set Up Two-Factor Authentication on Raspberry Pi. So read this free guide, How to Set Up Two-Factor Authentication on Raspberry Pi step by step. If you have query related to same article you may contact us.
How to Set Up Two-Factor Authentication on Raspberry Pi – Guide
Enabling two-factor authentication (2FA) to increase the security of your important accounts is becoming increasingly common these days. However, you might be surprised to learn that you can do the same with your Raspberry Pi. You can enable 2FA on the Raspberry Pi and then be prompted for a verification code when accessing it remotely via Secure Shell (SSH). Two-factor authentication is an additional layer of protection. In addition to a password, “something you know”, you need one more piece of information to log in. This second factor is based on “something you have” like a smartphone, or “something you are” like biometric information.
We go ahead and set up “something you have” and use your smartphone as the second factor to protect your Raspberry Pi. Many people use a Raspberry Pi as a file or media server on home. This became quite common with the introduction of the Raspberry Pi 4, which has USB 3 and Gigabit Ethernet. However, when defining up this type of server, you often want to run it “headless”. without monitor, keyboard or mouse.
This is especially true if you intend to hide your Raspberry Pi behind your TV or in some other location. Either way, that means you need to enable Secure Shell (SSH) for remote access. However, it is also common to define up your server so you can access your files when you’re away home, making your Raspberry Pi accessible over the Internet.
How to To define Up Two-Factor Authentication on a Raspberry Pi
Update your Pi
Assuming you have already set up your Raspberry Pi with the Raspberry Pi OS, it is best to first check that all your software is up Until the present date. Open a terminal and type the following command:
enable SSH
The Raspberry Pi OS has the SSH server disabled by default. Before connecting to your Pi via SSH, you need to enable it by running the following Terminal commands:
Require ID authentication, with challenge-response
Finally, your Raspberry Pi needs to challenge you to authenticate your identity and then process your response, which means you need to enable challenge response passwords. To get started, open the SSH configuration file for editing by running the following Terminal command:
In that file, find the Challenge Response Authentication section and change it from “no” to “yes”. You can now save the updated “sshd_config” file by pressing Ctrl + O, followed by Ctrl + X. Back in the Terminal, restart the SSH daemon with your new configuration:
Since changes have been made to the SSH configuration, it’s a good idea to check if you can still connect to your Raspberry Pi over SSH. To connect to the SSH server, you will need to know the IP address of your Raspberry Pi. If you don’t already have this information, run the following command on your Pi:
This will return the IP address you need to use. change to your laptop or computer, launch a Terminal and connect to your Raspberry Pi, making sure to replace “10.3.000.0” with your unique IP address:
Context Up Two-factor authentication
Then download the Authenticator app to generate the one-time authentication code. There are several authentication apps on the market, but I am using Google Authenticator for this tutorial, which is available for iOS and Android.
After downloading this mobile application, you will also need to install the Google Authenticator PAM module on your Raspberry Pi. On your Pi, open a Terminal window and run the following command:
Once Google Authenticator is installed on your Raspberry Pi and your mobile device, you are ready to set up two-factor authentication.
Create a connection: linking your Pi to yours mobile device
To create a link between your mobile app and your Raspberry Pi, generate a QR code on your Pi, then scan that code using your smartphone or tablet. To generate the QR code, go back to your Raspberry Pi and run the following Terminal command:
Your Raspberry Pi will ask if your auth tokens should be time-constrained. Since it’s more secure, you’ll typically want to generate time-based authentication tokens unless you have a specific reason not to. The Terminal will generate a QR code, although you may need to resize the Terminal to see the full barcode.
There are also a number of emergency codes. If you lose, lose or break your mobile device, these codes will allow you to access your Raspberry Pi via SSH, even without your mobile device. Don’t risk being locked out of your Raspberry Pi. Write down these codes and keep them somewhere safe. Use this QR code to connect your Raspberry Pi to the Google Authenticator app:
Final note
I hope you like the guide How to Set Up Two-Factor Authentication on Raspberry Pi. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.