So I've been reading more and more about how (relatively) easy it is to have your Ubuntu server compromised and, suffice it to say, I have become a tad paranoid about this fact.
I've set up multi-factor authentication using libpam-google-authenticator and a password.
What I'd like to be able to do is use both a password and a verification code OR an SSH key and a verification code. Preferably it would check for an SSH key and, if one is received, ask for a verification code or, if an SSH key is not present, ask for a password and then a verification code.
I've been racking my brain reading over the following tutorials, but feel like I'm missing some fundamental knowledge to get the correct order.
- https://sysconfig.org.uk/two-factor-authentication-with-ssh.html
- https://unix.stackexchange.com/questions/145588/2-factor-authentication-in-ssh-using-public-key-and-pam
- https://serverfault.com/questions/629883/trying-to-get-ssh-with-public-key-no-password-google-authenticator-working-o
As a side question, does anyone know the correct wording for what I'm trying to do? I gather that may be part of my problem while researching.