What's New Here?


    How to install Firefox in Kali Linux

    Posted by Hafeez Feeze No comments


    Introduction

    This is a small and quick guide on how to install Firefox in Kali Linux.
    Mozilla Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android, by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. Firefox uses the Gecko layout engine to render web pages, which implements current and anticipated web standards.
    As of July 2013, Firefox has between 16% and 21% of worldwide usage, making it the third most popular web browser, according to different sources. According to Mozilla, Firefox counts over 450 million users around the world. The browser has had particular success in Indonesia, Germany, and Poland, where it is the most popular browser with 57%, 45% and 44% of the market share, respectively. Source: Wikipedia
    IceWeasel, the default browser in Kali Linux, is really Firefox with a different name and logo. Debian gurus didn’t like Mozilla’s license agreement and decided to use IceWeasel instead of Firefox. Personally, I can’t see many differences, but if you’re one of those people who MUST use Firefox, this guide will help you replace IceWeasel with Firefox.
    Note: this is a copy-and-paste guide to achieve that. So yeah, this is the best way to go about it.

    Close IceWeasel



    If you have IceWeasel running, how are you going to remove it? So copy these instructions into Leafpad and close IceWeasel. Alternatively, you could bookmark this site and come back to check. Up to you really.

    Install Firefox in Kali Linux

    Copy and paste these commands into your terminal (run as root).
    apt-get remove iceweasel
    echo -e "\ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | tee -a /etc/apt/sources.list > /dev/null
    apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C1289A29
    apt-get update
    apt-get install firefox-mozilla-build
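Two of the commands above deserve a check before you re-run them: tee -a appends the deb line again on every run, and C1289A29 is a 32-bit short key ID, which is not enough to identify a signing key. The helpers below are an added example (not from this guide or the Ubuntuzilla project) that add the repository line only once and match the fetched key on its full fingerprint; EXPECTED_FINGERPRINT is a placeholder for the fingerprint you have verified out of band, and the apt-key invocation is assumed to pass its options through to gpg.

```python
"""Added example (not from the original guide): idempotent sources.list
update and full-fingerprint check for the repository-adding step above."""
import subprocess
from pathlib import Path
from typing import List, Tuple

# Repository line exactly as the guide gives it.
UBUNTUZILLA_LINE = ("deb http://downloads.sourceforge.net/project/ubuntuzilla"
                    "/mozilla/apt all main")
# Short key ID from the guide; only 32 bits, so it is not a safe identity check.
SHORT_KEY_ID = "C1289A29"
# Placeholder: replace with the full 40-hex-digit fingerprint verified out of band.
EXPECTED_FINGERPRINT = "0000000000000000000000000000000000000000"


def merged_sources(existing: str, line: str) -> Tuple[str, bool]:
    """Return (new_text, added). Adds `line` only if it is not already an
    entry, so re-running the guide does not stack duplicate deb lines."""
    entries = [entry.strip() for entry in existing.splitlines()]
    if line.strip() in entries:
        return existing, False
    sep = "" if existing == "" or existing.endswith("\n") else "\n"
    return f"{existing}{sep}{line}\n", True


def add_source_line(path: Path, line: str = UBUNTUZILLA_LINE) -> bool:
    """Apply merged_sources() to a file; returns True if the line was added."""
    existing = path.read_text() if path.exists() else ""
    new_text, added = merged_sources(existing, line)
    if added:
        path.write_text(new_text)
    return added


def fingerprints_in(colons_output: str) -> List[str]:
    """Parse `gpg --with-colons --fingerprint` output and return the full
    fingerprints (field 10 of each 'fpr' record), upper-cased."""
    fprs = []
    for record in colons_output.splitlines():
        fields = record.split(":")
        if fields[0] == "fpr" and len(fields) > 9 and fields[9]:
            fprs.append(fields[9].upper())
    return fprs


def key_matches(colons_output: str, expected: str = EXPECTED_FINGERPRINT) -> bool:
    """True only if the expected full fingerprint is present. Matching on the
    short ID alone (C1289A29) would accept any key whose short ID collides."""
    return expected.upper() in fingerprints_in(colons_output)


def verify_installed_key(key_id: str = SHORT_KEY_ID) -> bool:
    """Ask apt's keyring for the key fetched by `apt-key adv --recv-keys` and
    check its full fingerprint. Assumption: `apt-key adv` forwards
    --with-colons/--fingerprint to gpg (needs apt-key and root)."""
    out = subprocess.run(
        ["apt-key", "adv", "--with-colons", "--fingerprint", key_id],
        capture_output=True, text=True, check=False).stdout
    return key_matches(out)
```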

    Testing

    Now find the Firefox logo in the menu and fire it up.
    I hope this small guide helps someone out there.

    Thanks for reading.
    End of guide How to install Firefox in Kali Linux.


    Start Metasploit Framework in Kali Linux

    Posted by Hafeez Feeze No comments

    In keeping with the Kali Linux Network Services Policy, there are no network services, including database services, running on boot, so there are a couple of steps that need to be taken in order to get Metasploit up and running with database support.
    This post solves the following issues when starting Metasploit:
    1. [-] Error while running command db_connect: Failed to connect to the database: PG::Error: ERROR:  permission denied to create database : CREATE DATABASE "metasploit3" ENCODING = 'utf8'
    2. [-] Error while running command db_connect: Failed to connect to the database: FATAL: role "root" does not exist
    3. msf > db_status reporting [*] postgresql selected, no connection

    Start the Kali PostgreSQL Service

    Metasploit uses PostgreSQL as its database, so it needs to be launched first.
    service postgresql start
    You can verify that PostgreSQL is running by checking the output of ss -ant and making sure that port 5432 is listening (on the loopback addresses only, as in the listing below).
    State Recv-Q Send-Q Local Address:Port Peer Address:Port
     LISTEN 0 128 :::22 :::*
     LISTEN 0 128 *:22 *:*
     LISTEN 0 128 127.0.0.1:5432 *:*
     LISTEN 0 128 ::1:5432 :::*
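The Kali policy quoted above is about not exposing services, so the useful version of the port 5432 check is that PostgreSQL listens on loopback only. The Python below is an added example, not part of the Kali documentation; it parses ss -ant output (the page's own listing is embedded as SAMPLE_SS so it runs offline) and reports whether every 5432 listener is bound to 127.0.0.1 or ::1.

```python
"""Added example (not from the Kali documentation): parse `ss -ant` output and
confirm PostgreSQL (5432) is listening, and only on loopback addresses."""
import subprocess
from typing import List, Tuple

# Sample copied from the page's own `ss -ant` listing, embedded so this runs offline.
SAMPLE_SS = """State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:5432 *:*
LISTEN 0 128 ::1:5432 :::*
"""

PG_PORT = 5432
LOOPBACK = {"127.0.0.1", "::1"}


def split_addr_port(endpoint: str) -> Tuple[str, str]:
    """Split ss's 'addr:port' form. The port is everything after the last
    colon, which also handles bare IPv6 such as '::1:5432' and '*:22'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def listeners(ss_output: str, port: int = PG_PORT) -> List[str]:
    """Return the local addresses of LISTEN sockets bound to `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Data rows: State Recv-Q Send-Q Local Peer (5+ fields); skip the header.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, p = split_addr_port(fields[3])
        if p == str(port):
            found.append(addr)
    return found


def loopback_only(ss_output: str, port: int = PG_PORT) -> bool:
    """True if `port` has at least one listener and every listener is loopback.
    A '*' or '::' local address means the socket is reachable from the network."""
    addrs = listeners(ss_output, port)
    return bool(addrs) and all(a in LOOPBACK for a in addrs)


def check_live_system(port: int = PG_PORT) -> bool:
    """Run the same check against the running host (needs the `ss` binary)."""
    out = subprocess.run(["ss", "-ant"], capture_output=True, text=True,
                         check=True).stdout
    return loopback_only(out, port)


if __name__ == "__main__":
    print("postgres listeners:", listeners(SAMPLE_SS))
    print("loopback only:", loopback_only(SAMPLE_SS))
```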

    Start the Kali Metasploit Service

    With PostgreSQL up and running, we next need to launch the Metasploit service. The first time the service is launched, it will create an msf3 database user and a database called msf3. The service will also launch the Metasploit RPC and web servers it requires.
    service metasploit start

    Launch msfconsole in Kali

    Now that the PostgreSQL and Metasploit services are running, you can launch msfconsole and verify database connectivity with the db_status command as shown below.
    msfconsole
    msf > db_status
     [*] postgresql connected to msf3
     msf >

    Configure Metasploit to Launch on Startup

    If you would prefer to have PostgreSQL and Metasploit launch at startup, you can use update-rc.d to enable the services as follows.
    update-rc.d postgresql enable
    update-rc.d metasploit enable
    I don’t claim ownership of this post; this is also available in the Kali Linux official documentation. I again suggest readers do some study and read the Kali official documentation.
    If you’re interested in how to use Metasploit to pentest Windows 2003 Server, the following guide will take you through the procedure step by step.
    Thanks for reading. Please share.


    Enable VPN on Kali Linux

    Posted by Hafeez Feeze No comments

    Fix VPN grayed out problem and enable VPN on Kali Linux

    A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. On Kali Linux, the VPN options are grayed out by default. This guide will show users how to install the necessary packages to fix the VPN grayed out issue and enable VPN on Kali Linux.


    A virtual private network connection across the Internet is similar to a wide area network (WAN) link between sites. From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. Through a VPN you can access your private network over the Internet.

    VPNs allow employees to securely access their company’s intranet while traveling outside the office. Similarly, VPNs securely connect geographically disparate offices of an organization, creating one cohesive network. VPN technology is also used by Internet users to connect to proxy servers for the purpose of protecting personal identity and location. [Source: Wikipedia]

    Why use VPN – benefits?

    Here are my top 11 reasons why you would want to use VPN services.
    1. A VPN provides privacy and cloaks your IP address.
    2. Use any network (public, private or free WiFi) with encryption.
    3. Log in to your home or work network from anywhere with confidence.
    4. Bypass censorship and content monitoring.
    5. Browse and bypass firewall and censorship policy at work or anywhere!
    6. Access region-restricted services from anywhere (e.g. YouTube videos, Netflix or BBC iPlayer).
    7. Transfer or receive files with privacy.
    8. Hide your voice/VoIP calls.
    9. Use search engines while hiding some of your identity.
    10. Hide yourself.
    11. Because you like to be anonymous.
    As you can see from the list above, a VPN does not necessarily hide everything. Search engines can probably still recognize you based on your cookies, previous browsing behaviour, account sign-in (duh!) and browser plug-ins (e.g. Alexa, Google Toolbar).

    VPN grayed out problem on Kali Linux

    By default the VPN section is grayed out on Kali Linux. While this is an easy fix, those who are not familiar with the packages required for VPN can get confused, and with so many websites giving different advice it can be hard to identify the correct information. I will try to provide a short and concise guide with explanation to the best of my ability.


    Read below on how to enable VPN (by enabling VPN you actually fix the VPN grayed out issue on Kali Linux). The screenshot below shows the grayed out VPN +Add button on a default Kali Linux installation.

    [Screenshot: the grayed out VPN +Add button on a default Kali Linux installation]

    Enable VPN on Kali Linux


    Like I said before, this is actually very simple. Just run the following command as root and you’re all set (and of course you need to have the correct repositories configured).
    aptitude -r install network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome


    I think I owe some explanation on why I am using aptitude instead of apt-get, why I am using the -r flag and why I am not restarting Network Manager.
    By using aptitude -r install, I am ensuring that it installs all the packages mentioned above along with any recommended packages (the total download size is very small, i.e. 1969 kB, so nothing to worry about).
    The reason I am not restarting Network Manager is that aptitude does it for you. Why do it twice, right?
    Once installation is finished, go back to the network icon on the top right > Network Connections > VPN tab, and the +Add button is no longer grayed out.
    So let’s check what you get when you press the +Add button.

    VPN Options on Kali Linux (GNOME)

    The following is what you will see when you press the +Add button on the VPN tab.
    [Screenshot: the dialog shown after pressing +Add]

    Use the drop-down menu to see more supported VPN connection types:
    [Screenshot: the VPN connection type drop-down]

    In total, you get 4 supported VPN connection types on Kali Linux:
    1. Cisco Compatible (vpnc)
    2. IPsec/IKEv2 (strongswan)
    3. OpenVPN
    4. Point-to-point Tunneling Protocol (PPTP)

    Conclusion

    VPN is good, VPN is secure, VPN allows you to bypass proxies, firewalls, monitoring and content filtering. But there is always some drama when you’re using a VPN: it is sometimes slow, and sometimes not as secure as you’d think. But for countries like Iran, Pakistan, Egypt, China, North Korea etc., where content filtering is done at the national level, maybe it’s a way to get your voice out. I am not going to discuss legality here, so I will leave that to you.
    I also have a list of VPN providers that I’ve tested and collected over the years; some are really fast and reliable, some are not. Some are free and some are expensive. Let me know if you want a more detailed guide on setting up a VPN that actually shows you how to browse using it, and I can do it when I am free. You can also tell us about your setup in the comments section and I will be happy to include it in this guide or a new one.
    Thanks again for reading. Please share.


    Recommended books for Pentesters – A collection of books for Linux security administrators and pentesters

    Posted by Hafeez Feeze No comments

    So you want to be a pentester? A common question is: where do you start? This post gives you a list of recommended books for pentesters. It is useful for Linux security administrators and aspiring pentesters, or anyone who is interested in learning the basic workings of penetration testing with Linux. As I write mostly about Kali Linux, I’ve focused on Kali Linux in this list, but it is not limited to Kali Linux; it is a recommended list for anyone who wants to be a Linux security administrator or penetration tester.


    These recommended books will benefit information security professionals of all levels: pentesters, systems administrators, network administrators, beginning and intermediate professional pen testers, and students majoring in information security. All books are available on Amazon. I’ve only listed the ones with good ratings, but there are more books available, so read some reviews before you go and buy one.

    List of recommended books for pentesters


    A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security, by Tobias Klein (Paperback)
    UNIX and Linux System Administration Handbook (4th Edition), by Evi Nemeth, Garth Snyder, Trent R. Hein and Ben Whaley (Paperback)
    The Hacker Playbook: Practical Guide To Penetration Testing, by Peter Kim (Kindle Edition)
    Fuzzing: Brute Force Vulnerability Discovery, by Michael Sutton, Adam Greene and Pedram Amini (Paperback)
    Metasploit: The Penetration Tester’s Guide, by David Kennedy, Jim O’Gorman, Devon Kearns and Mati Aharoni (Paperback)
    The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, by Dafydd Stuttard and Marcus Pinto (Paperback)
    The Basics of Pentesting and Penetration Testing, Second Edition: Ethical Pentesting and Penetration Testing Made Easy, by Patrick Engebretson (Paperback)
    Rootkits: Subverting the Windows Kernel, by Greg Hoglund and Jamie Butler (Paperback)
    Pentesting: The Art of Exploitation, 2nd Edition, by Jon Erickson (Paperback)
    Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, by David Maynor and Thomas Wilhelm (Paperback)
    Penetration Tester’s Open Source Toolkit, Vol. 2, by Jeremy Faircloth, Chris Hurley and Jesse Varsalone (Paperback)

    CWSP Certified Wireless Security Professional Official Study Guide (Exam PW0-200), Second Edition, by Tom Carpenter, Grant Moerschel and Richard Dreger (Paperback)
    CWNA Certified Wireless Network Administrator Official Study Guide (Exam PW0-100), Fourth Edition (Certification Press), by Tom Carpenter and Joel Barrett (Paperback)

    I hope this list comes in handy and helps those who would like to learn. These recommended books will introduce you to the most current tools for Linux pen testing. You will learn how to configure networking components, storage devices and system services such as DHCP and web services, along with some common tools in Kali Linux that are used for pentests these days. Good luck.

    Two-step verification (also known as two-factor authentication, abbreviated to TFA) is a process involving two stages to verify the identity of an entity trying to access services on a computer or in a network. This is a special case of multi-factor authentication, which might involve only one of the three authentication factors (a knowledge factor, a possession factor and an inherence factor) for both steps. If each step involves a different authentication factor, then the two-step verification is additionally two-factor authentication.

    Google’s two-step verification process

    Google was one of the first Internet companies to introduce a two-step verification process. To access a Google service using the two-step verification process, a user has to go through the following two stages:
    The first step is to log in using the username and password. This is an application of the knowledge factor.
    The implementation of the second step requires a mobile phone or the Google Authenticator application, which is an application of the possession factor.
    If the user opts to use a mobile phone, he/she has to register his/her phone number with Google. When one attempts to authenticate with username and password, Google will send via SMS a new, unique code to the phone. Receiving the SMS demonstrates that the user has the phone (or, in the case of GSM-like networks, the appropriate SIM).
    If the user opts to use Google Authenticator (or another supported code generator application), he/she simply opens the application, which generates a new code every 30 seconds. This code is entered to complete the login process. As a backup option in case the registered mobile phone or device running Google Authenticator is lost, stolen, or otherwise unavailable, the user can print a set of static single-use backup codes (also the knowledge factor) and store them in a safe place.
    The following are some other sites which offer two-step verification service:
    1. Amazon Web Services
    2. ANX
    3. App.net
    4. Apple ID
    5. Authy
    6. Battle.net
    7. Bitstamp
    8. Blockchain.info
    9. Box
    10. Dropbox
    11. eBay
    12. Etrade
    13. Evernote
    14. Facebook
    15. GitHub
    16. GoDaddy
    17. HootSuite
    18. Lastpass
    19. LinkedIn
    20. LocalBitcoins
    21. Microsoft
    22. MongoLab
    23. Namecheap
    24. PayPal
    25. SocialFlow
    26. timetotrade
    27. Tumblr
    28. Twitter
    29. Viaduct
    30. WordPress
    31. Yahoo! Mail
    32. innoview.gr
    33. zoho

    Google Authenticator

    Google Authenticator implements TOTP security tokens from RFC 6238 in mobile apps made by Google, sometimes branded “two-step authentication”. The Authenticator provides a six-digit one-time password that users must provide in addition to their username and password to log into Google services or other sites. The Authenticator can also generate codes for third-party applications, such as password managers or file hosting services. Some versions of the software are open source.
    [Source: WikiPedia]


    Note: Google Authenticator doesn’t “call home” to Google: all the work happens on your SSH server and your phone. Google Authenticator is open-source software, which means you can check the code yourself. I guess after what happened with OpenSSL, that’s not a bad idea after all.
    In this article I will demonstrate how to secure SSH by setting up Two Factor Authentication (TFA) with Google Authenticator for the following Linux operating systems:
    1. Debian
    2. Ubuntu
    3. Linux Mint
    4. Kali Linux
    5. Red Hat
    6. CentOS
    7. Fedora
    Google Authenticator can be used on the following smartphone platforms:
    1. Android,
    2. iOS and
    3. Blackberry.
    I am not too sure if you can use this on a Windows-based phone (e.g. new Nokia phones or Windows Mobile devices). Feel free to try and report back.

    App Download Links as follows:

    1. Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
    2. iOS: https://itunes.apple.com/au/app/google-authenticator/id388497605?mt=8
    3. Blackberry: http://www.google.com/mobile/other
    More detailed per device install instructions can be found on this page:
    https://support.google.com/accounts/answer/1066447?hl=en
    The implementation is exactly the same except for some package name differences, so you can implement this on any Linux operating system that uses these packages.

    Requirements

    The following are the requirements for using Google Authenticator on your system:
    1. A PC running Linux
    2. A smartphone
    3. A running SSH server on your machine.

    In case you don’t have SSH server running, just follow this guide to install openSSH server.

    Step 1: Install dependencies for Google Authenticator Module

    You need either root or sudo privileges on the machine where you want to secure SSH by enabling Two Factor Authentication using Google Authenticator. Log in to your machine and use the following commands to install the required dependency packages:
    On Debian, Kali, Ubuntu and Linux Mint (all Debian-based systems that use apt as the package manager, i.e. apt-get/aptitude):
    apt-get install libpam0g-dev

    1 - Install dependencies for Google Authenticator PAM module - blackMORE Ops

    On Red Hat, CentOS and Fedora (they all are RedHat based where you use yum as the package manager):
    yum install pam-devel
    That’s it. That should install the necessary dependencies on your system. In case you have a very restricted system where you don’t have GCC, make and wget, you can install them using the following command(s):
    yum install make gcc wget
    (or)
    apt-get install make gcc wget

    Step 2: Download Google Authenticator Module

    Google Authenticator is available on GoogleCode website.
    You can just copy and paste the commands below to download and extract the Google Authenticator source. I personally use Kali Linux, which means I am always logged in as root. If you’re using any of the other Linux distributions like Debian, Ubuntu, Linux Mint, Red Hat, CentOS or Fedora, where you don’t usually log in as root, then you should choose your own directory to download and extract the source into.
    To download the source code of the Google Authenticator PAM library module, use the following command:
    root@kali:~# wget http://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2
    At the time of writing this article, v1.0 was available.

    2 - Download Google Authenticator PAM module from GoogleCode - blackMORE Ops

    Now extract your tarball:
    root@kali:~# tar -xvf libpam-google-authenticator-1.0-source.tar.bz2
    Change directory to the extracted folder:
    root@kali:~# cd libpam-google-authenticator-1.0/

    3 - Extract Google Authenticator PAM module from GoogleCode - blackMORE Ops

    Step 3: Compile and Install Google Authenticator PAM module

    So far we’ve installed the dependencies and downloaded and extracted the Google Authenticator PAM module. Now we need to compile the code and install the compiled software on our system.
    Use the following command to compile the downloaded source:
    root@kali:~/libpam-google-authenticator-1.0# make

    4 - Compile extracted Google Authenticator PAM module from GoogleCode - blackMORE Ops

    Now install Google Authenticator PAM module on your system:
    root@kali:~/libpam-google-authenticator-1.0# make install

    5 - Install compiled Google Authenticator PAM module from GoogleCode - blackMORE Ops

    Step 4: Run and configure Google Authenticator

    Just run Google Authenticator PAM module from command line to configure it for your system:
    Run Google Authenticator PAM module using the following command:
    root@kali:~/libpam-google-authenticator-1.0# google-authenticator
    It should present you with a bunch of questions where you get to choose y or n. Let’s have a quick look at those questions and the outputs.
    Do you want authentication tokens to be time-based (y/n) y
    
    https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@kali%3Fsecret%3DWKHM6UVJNTPYSPTQ
    
    Your new secret key is: WKHM6UVJNTPYSPTQ
    Your verification code is 434260
    Your emergency scratch codes are:
      30287010
      70585905
      68748337
      15176712
      38041521
    So on your first question, you get a secret key (Your new secret key is: WKHM6UVJNTPYSPTQ) and 5 emergency scratch codes. You enter the secret key into the app on your mobile so that it generates the correct verification code the next time you log in. The emergency scratch codes are single-use fallbacks for when you’ve lost your mobile.
    Next it asks whether to write these settings to your root account’s file. Since I am logged in as root, I chose Yes.
    Do you want me to update your "/root/.google_authenticator" file (y/n) y
    Next up, it asks you if you want to disallow multiple uses of the same verification code. Unless you have a good reason not to, choose Yes.
    Do you want to disallow multiple uses of the same authentication
    token? This restricts you to one login about every 30s, but it increases
    your chances to notice or even prevent man-in-the-middle attacks (y/n) y
    The next part is the time window. From the moment you get the code on your mobile to typing it into your login prompt, 30 seconds should be more than enough. Unless your system’s time sync is bad, you’re reading the code to someone over the phone, or you are a VERY slow typist, I see no reason to change it. Select Yes here.
    By default, tokens are good for 30 seconds and in order to compensate for
    possible time-skew between the client and the server, we allow an extra
    token before and after the current time. If you experience problems with poor
    time synchronization, you can increase the window from its default
    size of 1:30min to about 4min. Do you want to do so (y/n) y
    Last up, of course we want to enable rate-limiting; with it enabled, only 3 login attempts every 30s can be made.
    If the computer that you are logging into isn't hardened against brute-force
    login attempts, you can enable rate-limiting for the authentication module.
    By default, this limits attackers to no more than 3 login attempts every 30s.
    Do you want to enable rate-limiting (y/n) y
    This finishes your initial setup for Google Authenticator PAM module. Now we need to configure PAM and SSH to actually use this technique. This is really awesome.

    6 - Configure google-authenticator PAM module for the first time - blackMORE Ops


    Note: Leave this terminal window open (DO NOT CLOSE). We need the codes for next steps.
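    The 30-second codes, the skew window, the reuse check and the rate limit that the questions above describe all follow from RFC 6238 TOTP. The Python below is an added example, not code from the article or from the google-authenticator project: it generates codes from a base32 secret in the format google-authenticator prints, and verifies them the way the PAM module’s default answers do (one step of skew either side, a code accepted once, 3 attempts per 30 s). The function and class names are this example’s own; the RFC 6238 test key is used only to show the arithmetic is right.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # token lifetime (the "good for 30 seconds" default)
DIGITS = 6

# RFC 6238 Appendix B derives its SHA-1 vectors from the ASCII key "12345678901234567890".
RFC6238_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp_code(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp_code(secret_b32: str, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    secret_b32 is the base32 string google-authenticator prints as 'Your new secret key'."""
    key = base64.b32decode(secret_b32.strip().upper())
    return hotp_code(key, unix_time // step)


class TotpVerifier:
    """Server-side acceptance modelled on the PAM module's default answers:
    window_steps=1 also accepts the previous and next 30 s token (the 1:30 min window),
    disallow_reuse rejects a token that has already logged someone in,
    rate_limit=(3, 30) allows at most 3 attempts in any 30 s period."""

    def __init__(self, secret_b32: str, window_steps: int = 1,
                 disallow_reuse: bool = True, rate_limit=(3, 30)):
        self.key = base64.b32decode(secret_b32.strip().upper())
        self.window_steps = window_steps
        self.disallow_reuse = disallow_reuse
        self.max_attempts, self.rate_period = rate_limit
        self.used_counters = set()   # counters consumed by a successful login
        self.attempts = []           # timestamps of recent attempts, for rate limiting

    def verify(self, code: str, now: int):
        """Return (accepted, reason). A rate-limited attempt is refused before any code check."""
        self.attempts = [t for t in self.attempts if now - t < self.rate_period]
        if len(self.attempts) >= self.max_attempts:
            return False, "rate-limited"
        self.attempts.append(now)

        current = now // STEP_SECONDS
        for counter in range(current - self.window_steps, current + self.window_steps + 1):
            # constant-time compare so response timing does not leak matching digits
            if hmac.compare_digest(hotp_code(self.key, counter), code):
                if self.disallow_reuse and counter in self.used_counters:
                    return False, "code already used"
                self.used_counters.add(counter)
                return True, "ok"
        return False, "invalid code"


if __name__ == "__main__":
    import time
    # The secret from the article's walkthrough; prints the code the app would show right now.
    print(totp_code("WKHM6UVJNTPYSPTQ", int(time.time())))
```

    Because the server and the phone compute the same HMAC from the shared secret and the current 30-second counter, nothing is sent to Google; the `disallow_reuse` branch is what the “disallow multiple uses of the same authentication token” question turns on, and the `window_steps` parameter is the “extra token before and after the current time” allowance.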

    Step 5: Configure SSH to use Google Authenticator PAM Module

    Open your PAM configuration file /etc/pam.d/sshd
    root@kali:~# vi /etc/pam.d/sshd
    and add the following line:
    auth       required     pam_google_authenticator.so
    7 - Configure SSHD PAM to use Google Authenticator PAM Module - blackMORE Ops

    Next up, open your SSH configuration file /etc/ssh/sshd_config
    root@kali:~# vi /etc/ssh/sshd_config
    and modify the line containing ChallengeResponseAuthentication no:
    ChallengeResponseAuthentication no
    (change it to)
    ChallengeResponseAuthentication yes

    8 - Configure sshd_config PAM to use Google Authenticator PAM Module - blackMORE Ops

    To have these changes take effect, restart SSH server:
    service ssh restart
    (or)
    service sshd restart
    (or)
    /etc/init.d/ssh restart
    (or)
    /etc/init.d/sshd restart
    Why 4 commands? Depending on your Linux distribution, some refer to the SSH daemon as sshd and some as ssh; some have the service command available, and some require you to run the init script in /etc/init.d to restart the SSH service manually.
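    To check the two Step 5 edits before touching a live server, here is an added Python example (not the article’s own commands, and not part of OpenSSH or the PAM module) that applies them as idempotent text transforms and flags the one setting that would silently defeat them. The function names and the sample file contents are constructed for this example.

```python
import re

PAM_LINE = "auth       required     pam_google_authenticator.so"

# An active or commented-out ChallengeResponseAuthentication line, matched whole.
_CRA_RE = re.compile(r"^[ \t]*#?[ \t]*ChallengeResponseAuthentication\b.*$",
                     re.IGNORECASE | re.MULTILINE)
# An active "UsePAM no" line.
_USEPAM_NO_RE = re.compile(r"^[ \t]*UsePAM[ \t]+no\b", re.IGNORECASE | re.MULTILINE)


def add_pam_line(pam_sshd_text: str) -> str:
    """Return /etc/pam.d/sshd contents with the module line present exactly once.
    It is placed before the existing auth entries (for example Debian's
    '@include common-auth') so sshd asks for the verification code first and
    the password second, which is the order the article's login session shows."""
    for line in pam_sshd_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("auth") and "pam_google_authenticator.so" in stripped:
            return pam_sshd_text            # already configured: leave the file untouched
    return PAM_LINE + "\n" + pam_sshd_text


def enable_challenge_response(sshd_config_text: str) -> str:
    """Return sshd_config contents with ChallengeResponseAuthentication yes.
    sshd keeps the first value it reads for a keyword, so every occurrence
    (commented ones included) is rewritten; Debian/Kali ship the file with
    the directive explicitly set to no. If the keyword is absent it is appended."""
    if _CRA_RE.search(sshd_config_text):
        return _CRA_RE.sub("ChallengeResponseAuthentication yes", sshd_config_text)
    sep = "" if (not sshd_config_text or sshd_config_text.endswith("\n")) else "\n"
    return sshd_config_text + sep + "ChallengeResponseAuthentication yes\n"


def pam_enabled(sshd_config_text: str) -> bool:
    """False if an active 'UsePAM no' line is present: with PAM disabled sshd never
    consults /etc/pam.d/sshd, so the module line above would have no effect."""
    return _USEPAM_NO_RE.search(sshd_config_text) is None


if __name__ == "__main__":
    # Constructed sample contents, shaped like the Debian/Kali defaults.
    sample_pam = "@include common-auth\naccount    required     pam_nologin.so\n"
    sample_sshd = ("Port 22\n#ChallengeResponseAuthentication yes\n"
                   "ChallengeResponseAuthentication no\nUsePAM yes\n")
    print(add_pam_line(sample_pam))
    print(enable_challenge_response(sample_sshd))
    print("PAM consulted by sshd:", pam_enabled(sample_sshd))
```

    After writing the transformed text back to the two files, run `sshd -t` (OpenSSH’s configuration test) before the restart, and keep your current session open while you test a fresh login from a second terminal, so that a mistake in either file cannot lock you out of the machine.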

    Step 6: Configure your SmartPhone for Google Authenticator App

    Like I said before, Google Authenticator can be used in the following smartphones:
    1. Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
    2. iOS: https://itunes.apple.com/au/app/google-authenticator/id388497605?mt=8
    3. Blackberry: http://www.google.com/mobile/other
    More detailed per device install instructions can be found on this page:
    https://support.google.com/accounts/answer/1066447?hl=en
    Assuming you managed to install the app properly, launch your Google Authenticator app on your smartphone.
    From the menu select Set up account.

    9 - Configure SMARTPhone to use Google Authenticator - blackMORE Ops

    Step 6.1: Google Authenticator Setup Account

    Remember the secret key you got when you initialized the Google Authenticator PAM module on your computer? I hope you still have that window open. Select Enter provided key.

    10 - Select Enter provided key on SMARTPhone to use Google Authenticator - blackMORE Ops

    In the next window, give it a name (something you can remember or that relates to your workstation, e.g. Home Workstation or My SuperAwesome LinuxBox). I’m going to use blackMORE Ops as the name.
    Type your secret key into the next field and click the Add button.

    11 - Manually enter name and secret key on SMARTPhone to use Google Authenticator - blackMORE Ops
    Once it’s added, it will generate a one-time verification code (PIN) that changes every 30 seconds.

    Step 7: Login to your computer via SSH

    Because I am doing all this on the same computer, I will just log in to localhost (IP: 127.0.0.1). If you have 2 or more machines, or VirtualBox/VMware machines, then you can try to log in from a different one. One thing to note: you MUST have an SSH server running.
    In case you don’t have SSH server running, just follow this guide to install openSSH server.
    So we type in the following command (this is where you need to know your SSH server’s address; I’ve shown localhost, 127.0.0.1, but it can be any IP, FQDN or domain name):
    root@kali:~# ssh 127.0.0.1
    and immediately you see a prompt asking for a Verification code. This is the Google Authenticator code from the Google Authenticator app on your mobile.
    12 - Verification Key on SMARTPhone to use Google Authenticator - blackMORE Ops
    Type in the numbers from your smartphone’s Google Authenticator app and it will then prompt you for your password. Type in your password to log in.

    13 - Securely SSH and enter Google Authenticator Verification Key and password to login to SSH - blackMORE Ops

    If you fail to type in the verification code within 30 seconds, you have to try the next code shown in your smartphone’s Google Authenticator app. Awesome? Wouldn’t you agree?

    Alternatives to Google Authenticator SmartPhone App:

    In case you don’t own a SmartPhone or don’t want to use any, you can use the following add-on on your FireFox or IceWeasel browser:
    FireFox/IceWeasel App: GAuth Authenticator https://marketplace.firefox.com/app/gauth-authenticator/

    15 - Secure SSH with two factor authentication using Google Authenticator from FireFox- blackMORE Ops

    Interesting Fact:

    [Update]
    Got a response from the dev behind the Google Authenticator add-on for Chrome, Gerard Braad, who explained that Google have taken it down but gave no explanation as to why even after being asked several times.
    The Firefox version is still available though and works great. Hopefully he may look into the issue with the Chrome version and re-submit.
    Here is the FF version for those wishing to use it:
    https://marketplace.firefox.com/app/gauth-authenticator/
    Richard
    How about that?

    Conclusion

    Securing SSH with two factor authentication using Google Authenticator is possibly the best security model you can get out there for free. You can always restrict SSH by IP, change the port, rate-limit and do all sorts of crazy stuff. But those who want to open SSH to the outside world and implement all these extra security measures (i.e. brute-force detection etc.) have to constantly worry about who is trying to get in and what they’ve missed while securing the system. Securing SSH with two factor authentication using Google Authenticator possibly relieves you from that worry, and you stop getting emails in the middle of the night saying someone tried to log in via SSH X times.
    Let me know your thoughts and if you’ve found this useful. Thanks for reading and being on my website. Please share. This would be best for system administrators on any Linux system.

    Securing SSH with two factor authentication using Google Authenticator With Kali Linux

    Posted by Hafeez Feeze No comments
