Howto remove Google authenticator from SSH logins

I used the Google authenticator for quite some time now and i must say i like it. As showed in my  earlier article on how to install the Google authenticator app it is pretty straightforward to install the second authentication factor.

But is it also easy to uninstall the feature? Yes it is.

Step 1:

Make sure -in case something goes wrong- that you (temporarily) have alternative ways to access your server. Think of console access or even (watch carefully) telnet access.

Step 2:

Disable ChallengeResponseAuthentication within your SSH configuration:

user@server:~$ vi /etc/ssh/sshd_config

Change the value from yes to no

ChallengeResponseAuthentication no

Save the changes.

Step 3:

Change your /etc/pam.d/ssh configuration:

user@server:~$ vi /etc/pam.d/sshd

Remove or comment-out the following line:

auth required

Save the changes.

Step 4:

Remove the .google_authenticator file from each of the home directories of users that you used the Google authenticator app for.

user@server:~$ rm .google_authenticator

Step 5:

Restart the SSH daemon.

user@server:~$ sudo /etc/ssh/ssh restart

That should be it!

One thought on “Howto remove Google authenticator from SSH logins”

  1. Step 5:

    `user@server:~$ sudo /etc/ssh/ssh restart`

    In the /etc/ssh directory there is no ssh binary to use, and if I recall correctly, there hasn’t ever been?

    I’ve always restarted SSH via: `sudo service ssh restart` (for Ubuntu). Posting a heads up, just in case others have run into this as well.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.