Tagged: google-authenticator

Sublime SFTP failure while using Google Authenticator and Key file as two-factor authentication in CentOS 7

Problem: After applying Key file (ref here, using ssh-keygen ), and Google Authenticator (ref here, using yum install google-authenticator ) in CentOS 7, both SSH and FTP via FileZilla are both working ( FileZilla need to pass key file login, then switch login type to interactive in order to enter passphrase generated by Google Authenticator) but Sublime Text 3 can not upload file via SFTP. If the server just has a key file login, it will work.

According to this post, Sublime SFTP is waiting for the input prompt, and the prompt message has to be “Password: ” and show up.

Solution: Follow the below steps to turn on prompt and set it to “Password: ” :

1.Edit /etc/pam.d/sshd

vim /etc/pam.d/sshd

2. Append authtok_prompt to auth required pam_google_authenticator.so in order to override default token prompt :

auth required pam_google_authenticator.so [authtok_prompt=Password: ]

The value “Password: ” must not change to other values like “Passphrase: “, “Pass”. Otherwise Sublime can not recognize the prompt.

3. Enter systemctl restart sshd.service to restart service

systemctl restart sshd.service

Normally if you set the “user”, “password” and “ssh_key_file” value, in my case it will prompt a message like [email protected]_ip and asking your password. After entering your SSH password, it will prompt again with the same message, now please enter your Google Authenticator’s passphrase.