Two step authentication on SSH with Google Authenticator under Debian Sid


On a Debian Sid system, install the following :

apt-get install libpam-google-authenticator

Edit /etc/ssh/sshd_config and set :

ChallengeResponseAuthentication yes

Restart the service :

service ssh restart

Now run :


Scan the barcode from the Google Authenticator app on your mobile device.

Edit /etc/pam.d/sshd and add at the very beginning of the file :

auth required

Now test a SSH connection. You should be prompted by a cool “Verification code :” Then by the regular password prompt.

Thanks for reading this post!

If you found an issue in this article, you can create an issue on Github.

If you have a comment or question, please drop me a line below!