Web01 Documentation - jwells24/Tech-Journal GitHub Wiki

Web01 Configuration

  1. The first task for us, after resetting the password to web01, is to change the hostname of the box with the command below.
hostname web01
  2. We don't need to change any password because we just reset our root password to get in, so let's acquire connectivity.
nmtui
  • Setting up the network through the nmtui text interface, we should end up with network settings like this: [image]
  3. Disable root login over SSH by opening the file with the command below and changing PermitRootLogin yes to PermitRootLogin no.
sudo vi /etc/ssh/sshd_config

Set up 2FA for SSH to web01

  • I won't rewrite all of the steps that I followed in this tutorial, https://www.linuxbabe.com/redhat/ssh-two-factor-authentication-centos-rhel, but I followed every step and I'll summarize my process.

  • You first have to install google_authenticator. Then, for the account that you want to use the authenticator with (in my case jwells), you create a google_authenticator key in that account's SSH directory. You should now have a key in your user's directory. Once you have a key, you make a few edits to the pam.d config file and the sshd config file, and then you are ready to SSH with Google Authenticator.

  • Edit /etc/ssh/sshd_config and make sure the following lines are set to yes:

UsePAM yes
ChallengeResponseAuthentication yes
  • Edit the /etc/pam.d/sshd file and add the following lines:
#two-factor authentication via Google Authenticator
auth     required     pam_google_authenticator.so secret=${HOME}/.ssh/google_authenticator
  • When you SSH to the box now, it should look like this: [image]
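
A way to check that the settings changed on this page are actually in place, as an added example that is not part of the original wiki. The function names are hypothetical and the two file paths are passed as arguments; on the host itself, `sudo sshd -T` prints the effective sshd configuration.

```shell
#!/bin/sh
# Added example: audits the settings this page changes. File paths are arguments,
# so it can be run against copies. Include directives are not followed.

# Print the value of a global sshd_config keyword. sshd uses the FIRST occurrence,
# keywords are case-insensitive, and lines after a Match line are conditional,
# so scanning stops there.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$2"
}

# True when an active (uncommented) auth line loads pam_google_authenticator.so.
pam_has_totp() {  # usage: pam_has_totp FILE
    grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_google_authenticator\.so' "$1"
}

# Print one finding per setting; return 0 only when all of them are in place.
audit_web01_ssh() {  # usage: audit_web01_ssh SSHD_CONFIG PAM_SSHD
    rc=0
    for want in PermitRootLogin=no UsePAM=yes ChallengeResponseAuthentication=yes; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(sshd_value "$key" "$1")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    if pam_has_totp "$2"; then
        echo "OK   pam_google_authenticator.so is in the auth stack"
    else
        echo "FAIL no active pam_google_authenticator.so auth line"
        rc=1
    fi
    return "$rc"
}

# Run only when both paths are given, e.g. /etc/ssh/sshd_config /etc/pam.d/sshd
if [ "$#" -eq 2 ]; then audit_web01_ssh "$1" "$2"; fi
```

A keyword that is commented out or missing is reported as unset and counted as a failure, because the value then depends on the distribution's defaults.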