mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-24 17:24:44 +00:00 
			
		
		
		
	
		
			
	
	
		
			32 lines
		
	
	
	
		
			1 KiB
		
	
	
	
		
			Bash
		
	
	
	
	
	
		
		
			
		
	
	
			32 lines
		
	
	
	
		
			1 KiB
		
	
	
	
		
			Bash
		
	
	
	
	
	
|   | #!/bin/bash
 | ||
|  | 
 | ||
|  | ######################################################## | ||
|  | # T-Pot Community Edition                              # | ||
|  | # Two-Factor authentication enable script              # | ||
|  | #                                                      # | ||
|  | # v0.20 by mo, DTAG, 2015-01-27                        # | ||
|  | ######################################################## | ||
|  | 
 | ||
|  | echo "### This script will enable Two-Factor-Authentication based on Google Authenticator for SSH." | ||
|  | while true  | ||
|  | do | ||
|  |   echo -n "### Do you want to continue (y/n)? "; read myANSWER; | ||
|  |   case $myANSWER in | ||
|  |     n) | ||
|  |       echo "### Exiting." | ||
|  |       exit 0; | ||
|  |       ;; | ||
|  |     y) | ||
|  |       break | ||
|  |       ;; | ||
|  |   esac | ||
|  | done | ||
|  | if [ -f /etc/pam.d/sshd.bak ]; | ||
|  |   then echo "### Already enabled. Exiting." | ||
|  |   exit 1; | ||
|  | fi | ||
|  | sudo sed -i.bak '\# PAM#aauth required pam_google_authenticator.so' /etc/pam.d/sshd | ||
|  | sudo sed -i.bak 's#ChallengeResponseAuthentication no#ChallengeResponseAuthentication yes#' /etc/ssh/sshd_config | ||
|  | google-authenticator -t -d -f -r 3 -R 30 -w 21 | ||
|  | echo "### Please do not forget to run the ssh_enable script." |