Differences

This shows you the differences between two versions of the page.

--- 2fa [2024/10/28 14:45] – -Formatting hogwild
+++ 2fa [2025/08/13 04:51] (current) – -Change to: "The default file location is /opt/etc/environment" hogwild
@@ Line 1: / Line 1: @@
 ====== Setting up 2FA for SSH using Google Authenticator ======
-This content was taken from the following forum thread: \\ [[wp>https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032|Tomato Forum: HOWTO - Set up 2FA openssh with google authenticator]]
+This content was taken from a Tomato forum thread: [[https://www.linksysinfo.org/index.php?threads/howto-set-up-2fa-openssh-with-google-authenticator.78183/#post-345032|HOWTO - Set up 2FA openssh with google authenticator]] .
- \\ These are simple configuration notes, and not intended to be a complete HOWTO.
+These are simple configuration notes, and not intended to be a complete HOWTO. This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the "root" user is supported.\\   \\   \\ **Prerequisites:** Install/setup entware if it isn't already installed. This is not covered here.\\  \\
-This setup uses openssh with google-authenticator as 2-Factor Authentication. Only the root user is supported.
+Install openssh-server and google-authenticator:
  \\
-Prerequisites: Install/setup entware if it isn't already installed. This is not covered here.\\
+    opkg install openssh-server-pam google-authenticator-libpam
- \\ Next, install openssh-server and google-authenticator:
  \\
-    opkg install openssh-server-pam google-authenticator-libpam
+If this completes without all dependencies, make sure to install any necessary ones.\\
-Hopefully, this will include all dependencies. \\
+ \\  \\
- \\
+Next, enable openssh-server . This is not covered here.
+ \\ \\ Configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh:
  \\
-Next, enable openssh-server . This is not covered here.\\  \\
-Configure the correct settings in configuration file /opt/etc/init.d/S39pre_ssh: \\  \\
     #!/bin/sh
@@ Line 54: / Line 50: @@
  \\
-The new service must be enabled at boot time as well:
+The new service must be enabled at boot time as well. Make the following changes to the file: "/opt/etc/ssh/sshd_config:
  \\
-Next, run /opt/etc/ssh/sshd_config and change the following from the defaults:
     Port 2222 # to be changed if desired
@@ Line 138: / Line 132: @@
  \\
- \\
+ \\ Next, test the configuration from the LAN side by typing the following at the command prompt:
-Next, test the configuration from the LAN side by typing the following at the command prompt:
  \\
@@ Line 149: / Line 141: @@
 You should see the following:
+ \\
     The authenticity of host '[192.168.1.1]:2222 ([192.168.1.1]:2222)' can't be established.
@@ Line 164: / Line 158: @@
     | Verification code:
- \\
+ \\ If you see this, it means that 2FA is the only authentication operating. You can now expose port 2222 (or your configured port) to the Internet. .
-If you see this, it means that 2FA is the only authentication operating.
  \\
-You can now expose port 2222 (or the port you configured) to the Internet (not covered here).
+The default file location is: "/opt/etc/environment"
  \\
  \\
-PS - /opt/etc/environment is the default - only comments - so nothing to change - maybe a "touch /etc/environment" should have been enough

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools