In the last post, I did a video on how to set up a Virtual Private Server with SSH public key authentication. In this video, I’m going to show you how to add an additional layer of security to your server with Two Factor Authentication.
I am a firm believer that you can never have too much security on the internet. If you are managing your own server, you need to be even more vigilant in protecting your data and content, as well as your site's visitors, and two factor authentication is a great way to do that.
Let’s quickly review what we have done to make our server a little more secure:
- We set up SSH public key access and disabled password authentication (if anyone wants to access our server, they need the private key to do so).
- We assigned a passphrase to our SSH key (if anyone does happen to get our private key, they need to know the passphrase to use it).
So now we are going to lock that server down just a little bit more by adding Two Factor Authentication from Duo Security, Inc.
In the video below, I show you how to compile Duo from the source code, install it, and configure it to work with SSH as well as system wide (optional). Duo has a great set of step-by-step instructions on their website (which I used in this video) on how to do this.
When you receive an authorization request, you can approve or deny it right from the notifications bar on your mobile device (example image below). How's that for simplicity!
We have now secured our server with SSH public key authentication, protected our SSH key with a passphrase, and added two factor authentication system wide with Duo Security. In the next post we will continue to focus on security and implement additional policies to that end.
I would love to hear about some of your methods for securing your servers. I look forward to your thoughts and ideas in the comments below.