Ubuntu Server 22.0.4 SSH connections

Ubuntu server MFA Integration

General Overview

This guide explains the instructions on configuring Mirket multi-factor authentication for Ubuntu server ssh login .

Configuring Ubuntu Server

Follow these steps to configure Ubuntu:

1. Enter these two command line prompts:

   Copy

   $ sudo apt-get install libpam-radius-auth
   $ sudo nano /etc/ssh/sshd_config

2. Edit the following lines and remove the “#” letter if they have.

   Copy

   ChallengeResponseAuthentication yes
   UsePAM yes
   KbdInteractiveAuthentication yes

3. Enter this command line:

   Copy

   $ sudo nano /etc/pam.d/sshd

4. Add the following line to the start of the file.

   Copy

   auth  sufficient   pam_radius_auth.so

5. Enter this command line:

   Copy

   $ sudo nano /etc/pam_radius_auth.conf

6. First, you should comment on all current settings.

   You can even remove all lines and keep your file simple.

7. Add the RADIUS server hostname or IP address using this format:

   Copy

   #server[:port]    shared_secret    timeout(s)
   IP/FQDN           MySecret         60

   where:

   IP/FQDN

   The IP address or hostname for this SecureAuth Identity platform appliance.

   MySecret

   The shared secret used in the appliance.radius.properties file on the SecureAuth Identity Platform appliance, under the SA RADIUS Configuration folder.

   60

   The number of seconds for communication between the servers.

8. Restart the SSHD service using this command:

   Copy

   $ sudo service ssh restart

9. Create accounts for the user accounts you want to connect with MFA

sudo adduser micheal --disabled-password

For troubleshooting , see the logs ;

sudo tail -f /var/log/auth.log

Configure Mirket

To enable Mirket to receive authentication requests from Ubuntu server, follow these steps:

Add a Ubuntu server as Resource in Mirket with NPS

Before starting, ensure that you have installed NPS (Network Policy Server) from Server Manager. Once installed, open the Network Policy Server. To add a Radius Client to the NPS, follow these steps:

• Click on the 'Radius Clients and Server' folder and select the 'Configure Radius Clients' option.

• Hover over the 'Radius Clients' option, right-click using the mouse, and select New.

• In the window that appears, assign a name to your Radius Client in the Friendly Name section.

• Enter the IP address of your firewall in the Address (IP or DNS) section.

• Select either the 'Manual' or 'Generate' option to enter your secret key in the Secret Key section.

• Click OK to confirm settings.

User and Group configuration on Mirket

To set up multifactor authentication, make sure you have at least one user group in Mirket.

If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.

If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.

Add a Radius Rules to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).

First, you should follow these steps:

• Select Rules > Radius Rules.

• Click on Add New.

• Enter a rule name in the Name field.

• Enter the rule description in the Description field.

• Select the group to which the rule applies from the Group dropdown list.

• Select the provider to which the rule applies from the Provider dropdown list.

• Click on Save to confirm settings.

Related Topics