Cockpit is a web-based graphical interface for servers, intended for everyone, especially those who are:
- new to Linux (including Windows admins)
- familiar with Linux and want an easy, graphical way to administer servers
- expert admins who mainly use other tools but want an overview on individual systems
How to install Google Two Factor Authenticator to secure Cockpit
# dnf install google-authenticator qrencode-libs
Libqrencode is a fast and compact library for encoding data in a QR Code symbol, a 2D symbology that can be scanned by handy terminals such as a mobile phone with CCD. The capacity of QR Code is up to 7000 digits or 4000 characters and has high robustness.
On CentOS, Libqrencode is available on package qrencode-libs.
# google-authenticator -t -d -f -r 3 -R 30 -W
Then edit /etc/pam.d/cockpit
# vi /etc/pam.d/cockpit
And add the following code at the end of file.
auth required pam_google_authenticator.so nullok
nullok means if we have not 2FA in our home, we can still login
Restart cockpit with the following command
# systemctl restart cockpit.socket
Now, our cockpit secured with Google Authenticator 2FA.
You can check code on home directory .google_authenticator file contain secret key and 5 recovery codes.
" RATE_LIMIT 3 30 1693590532
" WINDOW_SIZE 3
" DISALLOW_REUSE 56483718