MFA

Support for security such as Firewalls and securing linux
Post Reply
muhammad junaid
Posts: 1
Joined: 2019/03/06 14:06:49

MFA

Post by muhammad junaid » 2019/03/06 14:15:27

Hope you are all doing well.
I want to implement MFA on Centos 7. I installed google google-authenticator and it work with recovery code only. it is not working with verification code that i getting from google authenticator. Can you guys please guide me what is issue? Please find result when i get access through ssh

============================

OpenSSH_7.6p1 Ubuntu-4ubuntu0.2, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 209.240.111.130 [209.240.111.130] port 22.
debug1: Connection established.
debug1: identity file /home/junaid/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/junaid/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 209.240.111.130:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qaJM3mh3CpLp+IVGVRuu7Xvm8XtTxGKAhsDZCn5izRg
debug1: Host '209.240.111.130' is known and matches the ECDSA host key.
debug1: Found key in /home/junaid/.ssh/known_hosts:45
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1003)

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1003)

debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:QeWyl8mRWXvwcu4vDp+nBUzsd8MmXHDCC7hGsE8ayOw /home/junaid/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/junaid/.ssh/id_dsa
debug1: Trying private key: /home/junaid/.ssh/id_ecdsa
debug1: Trying private key: /home/junaid/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Verification code:
Password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
Verification code:

============================

apolonio
Posts: 16
Joined: 2010/04/27 14:05:12
Contact:

Re: MFA

Post by apolonio » 2019/03/30 07:27:11

Check the time on your linux machine and time on the device that is providing the codes.

LA

Post Reply

Return to “CentOS 7 - Security Support”