January 2017

Copy key to remote host

2017-01-23T11:23:22+00:00 January 22nd, 2017|Linux, Security, Ubuntu|

Copy key to remote host

scp filelocation_name root@192.168.7.17:"/root/mykeys/"

copy key to remote host with .pem key

scp -i yourkey.pem filelocation_name root@192.168.7.17:"/root/mykeys/"

Configure Google Authenticator with Ubuntu

2017-01-23T11:36:10+00:00 January 19th, 2017|Linux, Security, Ubuntu|

Configure Google Authenticator with Ubuntu

sudo dpkg-reconfigure tzdata
sudo apt-get install ntpdate
sudo ntpdate 0.uk.pool.ntp.org
sudo apt-get install ntp

check settings via controls below

ntpq -p
date

Install google auth module

sudo apt-get install libpam-google-authenticator

choose user you want to configure auth for

su username
google-authenticator

choose option Y

Do you want authentication tokens to be time-based (y/n)

scan barcode with google app or duo.com, follow instruction on the screen edit /etc/ssh/sshd_config and enable ChallengeResponseAuthentication to YES

ChallengeResponseAuthentication yes

edit /etc/pam.d/sshd and add below line at the top of the file

auth required pam_google_authenticator.so nullok

restart ssh service

sudo service ssh restart

How to add public key to remote host

2017-01-23T11:37:21+00:00 January 19th, 2017|Linux, Security, Ubuntu|

copy public key

cat keyname_pub.key | ssh user@host ‘cat >> ~/.ssh/authorized_keys’

on local machine edit /home/username/.ssh/config and add

Host choose_short_name
HostName 192.168.7.21
Port 22
User remote_user
IdentityFile /home/username/username_ssh_priv.key

How to install DUO Security with Ubuntu 16.04 LTS

2017-01-23T11:38:21+00:00 January 19th, 2017|Linux, Security, Ubuntu|

install ssh (if its not installed)- go to

cd /etc/apt/sources.list.d/

create file in /etc/apt/sources.list.d/

sudo nano duosecurity.list

edit file and add this

deb http://pkg.duosecurity.com/Ubuntu xenial main

exit and install curl

sudo apt-get install curl

download duosecurity key and add to system

curl -s https://duo.com/APT-GPG-KEY-DUO | sudo apt-key add –

update apt

sudo apt-get update

install duo-unix

sudo apt-get install duo-unix

add key’s to /etc/duo/pam_duo.conf (Integration, Secret, API hostname) from duo website

sudo nano /etc/duo/pam_duo.conf

edit common-auth

sudo nano /etc/pam.d/common-auth

add to file at the bottom /etc/pam.d/common-auth (make sure there are no duplicates)

auth requisite pam_unix.so nullok_secure
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so

edit /etc/ssh/sshd_config add

sudo nano /etc/ssh/sshd_config

add

ChallengeResponseAuthentication yes
UsePAM yes
UseDNS no

if use public key add

PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

need to make some changes in the pam.d/sshd config

sudo nano /etc/pam.d/sshd

You need to comment out and add the following lines

#@include common-auth
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so

Load More Posts