Secure desktop login with a one-time token


Token, Token, Token…

Next, enable Google Authenticator for the desired user account. The Google Authenticator app first must be installed on your smartphone. Open a terminal in Linux and enter the command google-authenticator as your regular user (not root!). The application recommends various configuration options, and you can decide which one works best for you.

The tool describes all configuration values. I answered the first prompt with Yes, after which Google Authenticator displays a QR code (Figure 1). Next, open the app on your smartphone (Figure 2) and scan the QR code (Figure 3). In this way, you link the Linux login with Google Authenticator.

Figure 1: The Google Authenticator generates the required data and prepares the QR code for scanning.
Figure 2: After first opening the Google Authenticator app on your smartphone, Google lets you scan a bar code.
Figure 3: Scanning in the QR code is a cinch and lets you link the Linux login to the Google Authenticator.

The app acknowledges the link by giving you a one-time code (Figure 4). However, that doesn't end the setup just yet. The Authenticator then poses further questions to which you can respond at your own discretion. I opted to answer all of them with y. A view of the completed configuration appears in Figure 5.

Figure 4: Google Authenticator confirms the successful linking process by showing a one-time passcode.
Figure 5: A few moments later, the Google Authenticator setup is complete.

Emergency scratch codes appear as you respond to the questions. You can use these to log in to the computer if the smartphone isn't handy, if the app isn't working, or if the system clocks of the computer and smartphone are out of sync. Write down these single-use tokens and store them in a safe place away from your computer.

Trust Is Good

Now that setup is completed, you can put your system through some tests. In principle, it's enough just to log off. However, because you upgraded at the beginning of the setup, you might as well restart the computer.

At the next login session, the system asks for a one-time token along with the usual username and password (Figure 6). Open the smartphone app and enter the indicated token in the login field. Remember, however, that the one-time password is only good for a limited time. Fortunately, generating the TOTP works even when the smartphone is offline.

Figure 6: You use the code delivered by your smartphone to log in after entering your username and password.
