Auth Armor 2FA authentication SSH plugin
You should have an alternative means of accessing your server in the event that you are unable to approve your Auth Armor 2FA requests such as a physical, graphical, or virtual TTY.
Requirements: curl, awk, jq, uuidgen
git clone https://github.com/AuthArmor/autharmor-ssh.git
sudo cp autharmor-ssh/autharmor-ssh /usr/bin/
sudo cp autharmor-ssh/autharmor-ssh.conf /etc/
echo "ForceCommand /usr/bin/autharmor-ssh" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl reload sshdUse the Auth Armor dashboard to generate API keys and register users. When inviting users you should use their ssh username in the Nickname field.
Once your user(s) have been setup, place your project's API keys (CLIENT_ID and CLIENT_SECRET) in /etc/autharmor-ssh.conf. Make sure your users are invited, enrolled, and working before saving your API keys to autharmor-ssh.conf. The plugin will not enforce 2FA unless these keys have been set.