2FA_RemoteAccess

Edge ISP device: NAT to <machine IP> internal port 22.

on the machine:

apk del dropbear-scp
apk add openssh
apk add google-authenticator openssh-server-pam
apk del dropbear
apk del dropbear-dbclient

remotely... (as I was not at home to do this)

rc-update add sshd
rc-status
rc-service dropbear stop
rc-service sshd start

-----------------------

/etc/ssh/sshd_config:
chottu:/etc/ssh# cat sshd_config | grep -v '^#' | grep -v "^$"
LogLevel DEBUG
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
UseDNS no
PermitTunnel yes
Subsystem sftp /usr/lib/ssh/sftp-server

---------------------

cd /etc/pam.d/

vi sshd <-- had to create this...

chottu:/etc/pam.d# cat sshd
auth include base-auth
account include base-account
password include base-password
session include base-session
auth include google-authenticator

----------------

I had made one boo-boo... had installed openssh-server-pam BEFORE the openssh package. Thus, the PAM-supported sshd was replaced by the normal sshd... this gave an error about unsupported UsePAM.

Deleted openssh-server-pam AND THEN REINSTALLED it... all worked.

sshd -T ... checks the configuration file and prints the effective configuration.
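
A check that can be run over the sshd_config above or over `sshd -T` output, written as an added example (not part of the original notes). The function names are hypothetical and the sample input is constructed from the settings shown on this page. It flags the one gap in that config: public-key logins never reach the PAM auth stack, so they are not asked for a verification code unless AuthenticationMethods chains a second step.

```sh
#!/bin/sh
# Added example, not from the original notes. Input is "Keyword value" text:
# the filtered sshd_config shown on the page, or the output of `sshd -T`.

# opt KEY: print the lowercased value of KEY from stdin (first match wins)
opt() {
    awk -v k="$1" 'tolower($1) == k { print tolower($2); exit }'
}

# audit_2fa TEXT: print one finding per line, nothing if every check passes
audit_2fa() {
    cfg=$1
    pam=$(printf '%s\n' "$cfg" | opt usepam)
    # Newer OpenSSH releases call this KbdInteractiveAuthentication; the
    # page's config uses the older ChallengeResponseAuthentication name.
    kbd=$(printf '%s\n' "$cfg" | opt kbdinteractiveauthentication)
    [ -n "$kbd" ] || kbd=$(printf '%s\n' "$cfg" | opt challengeresponseauthentication)
    pubkey=$(printf '%s\n' "$cfg" | opt pubkeyauthentication)
    methods=$(printf '%s\n' "$cfg" | opt authenticationmethods)
    root=$(printf '%s\n' "$cfg" | opt permitrootlogin)

    [ "$pam" = yes ] || echo "FAIL usepam: PAM stack is not used, so the TOTP module never runs"
    [ "${kbd:-yes}" = yes ] || echo "FAIL kbdinteractive: no channel for the verification-code prompt"
    [ "$root" = no ] || echo "WARN permitrootlogin: root login is not disabled"
    # Public-key logins do not pass through the PAM auth stack, so unless
    # AuthenticationMethods chains a second step, a key alone is enough.
    if [ "${pubkey:-yes}" = yes ] && [ "${methods:-any}" = any ]; then
        echo "WARN pubkey: key logins skip the TOTP prompt (AuthenticationMethods unset)"
    fi
}

# Constructed sample: the settings from the page's sshd_config
PAGE_CFG='LogLevel DEBUG
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes'

audit_2fa "$PAGE_CFG"
```

On the machine itself, run `audit_2fa "$(sshd -T)"` as root to check the settings sshd will actually use.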

-------------

  • As <user>, run google-authenticator.
  • Enter the key in the Google Authenticator app (on the mobile).
  • Answer the questions.