Ubuntu: Ubuntu 16.04 google auth over ssh issue



Question:

I have a personal server I host from home that has port 22 exposed to the world for SSH. For better or worse I also login as root. I know how much of a security risk this can pose, and started feeling it when someone started trying to brute force my server over root. Instead of closing the port and using openvpn or a remote desktop to access my network, I decided to enable google auth. To be doubly secure, I have the configuration like this:

/etc/pam.d/sshd:

\# Standard Un\*x authentication.  \#@include common-auth  @include google-auth  

/etc/pam.d/sshd/google-auth:

auth    required                        pam_google_authenticator.so forward_pass  auth    [success=1 default=ignore]      pam_unix.so use_first_pass  auth    requisite                       pam_deny.so  auth    required                        pam_permit.so  auth    optional                        pam_cap.so  

I did it this way so that I can play around without editing default files and easily revert at any time. It also lets me play around with the PAM module order a bit.

The goal is to have it request 'Password & Verification' at the same time. It works! Sorta.

login as: root  Using keyboard-interactive authentication.  Password & verification code:  Access denied  Using keyboard-interactive authentication.  Password & verification code:  Access denied  Using keyboard-interactive authentication.  Password & verification code:  Access denied  root@192.168.1.5's password:  Access denied  root@192.168.1.5's password:  

So if there are 3 failed attempts at Password & verification, it kicks to just asking for the password. Entering the password by itself or the password & verification does NOT work. It always ends in failure, which is good. The bad part is that if someone is brute forcing this, it sometimes will ONLY ask for password even on the first login attempt. This locks me from the server!

At this point it is more of a curiosity than anything else. I can always close the port and resolve the problem, but I'd really like to solve this puzzle. Any thoughts?


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »