![]() You can do this either above or below the line that says common-auth.In October 2020, after Raspberry Pi introduced the Compute Module 4, I started out on a journey to get an external graphics card working on the Pi.Īt the time, it'd been over a decade since the last time I'd built a PC, and I had a lot to learn about PCI Express, the state of graphics card drivers in Linux, and PCI Express support on various ARM SoCs.Īfter failing to get the Nvidia GT710 or AMD 5450 running, I started testing the GTX 750 Ti, RX 550, and SM750, all with wildly different architectures and driver support. Now we need to configure PAM to add 2FA: $ sudo nano /etc/pam.d/sshdĪdd auth required pam_google_authenticator.so to the top of the file. We’re going to use Linux Pluggable Authentication Modules (PAM), which provides dynamic authentication support for applications and services, to add 2FA to SSH on Raspberry Pi. Then answer “Y” to disallow multiple uses of the same authentication token, “N” to increasing the time skew window, and “Y” to rate limiting in order to protect against brute-force attacks. Switch back to your terminal window and answer “Y” when asked whether Google Authenticator should update your. However, this code isn’t going to be all that useful until we finish what we were doing on your Raspberry Pi. Your phone will generate a new one-time password every thirty seconds. Go ahead and open the SSH config file: $ sudo nano /etc/ssh/sshd_configĮnable challenge response by changing ChallengeResponseAuthentication from the default no to yes. Next, we need to tell the SSH daemon to enable “challenge-response” passwords. You can also enable it from the command line using systemctl: $ sudo systemctl enable sshĪlternatively, you can enable SSH using raspi-config, or, if you’re installing the operating system for the first time, you can enable SSH as you burn your SD Card. Next, select the “Interfaces” tab and click on the radio button to enable SSH, then hit “OK.” Go to the Raspbian menu and select “Preferences > Raspberry Pi Configuration”. The easiest way to enable SSH is from the desktop. However, since we’re intending to run the board without a monitor or keyboard, we need to enable it if we want to be able to SSH into our Raspberry Pi. ![]() The Raspbian operating system has the SSH server disabled on boot. If you’re pulling your Raspberry Pi out of a drawer for the first time in a while, though, you might want to go as far as to install a new copy of Raspbian using the new Raspberry Pi Imager, so you know you’re working from a good image. If you’re running a relatively recent version of the operating system you can do that from the command line: $ sudo apt-get update The first thing you should do is make sure your Raspberry Pi is up to date with the latest version of Raspbian. We’re going to go ahead and set up “something you have,” and use your smart phone as the second factor to protect your Raspberry Pi. ![]() This second factor will be based either on “something you have,” like a smart phone, or on “something you are,” like biometric information. As well as a password, “something you know,” you’ll need another piece of information to log in. Two-factor authentication is an extra layer of protection. Especially if you intend to make the server accessible from the Internet, you probably want to enable two-factor authentication (2FA) using Time-based One-Time Password (TOTP). Most of us aren’t going to be out of the house much for a while yet, but if you’re taking the time right now to build a file server, you might want to think about adding some extra security. ![]() However, it’s also pretty common to set up your server so that you can access your files when you’re away from home, making your Raspberry Pi accessible from the Internet. In any case, it means that you are going to need to enable Secure Shell (SSH) for remote access. This is especially true if you intend tuck your Raspberry Pi away behind your television, or somewhere else out of the way. However, when you’re setting up this sort of server you often want to run it “headless” without a monitor, keyboard, or mouse. This is has become rather common with the launch of Raspberry Pi 4, which has both USB 3 and Gigabit Ethernet. You can enable 2FA on Raspberry Pi, and afterwards you’ll be challenged for a verification code when you access it remotely via Secure Shell (SSH).Ī lot of people use a Raspberry Pi at home as a file, or media, server. However you might be surprised to learn that you can do the same with your Raspberry Pi. Enabling two-factor authentication (2FA) to boost security for your important accounts is becoming a lot more common these days.
0 Comments
Leave a Reply. |