How to set up SSH two-factor authentication for Raspberry Pi

There is a very good step by step tutorial on how to set up two-factor authentication for your Raspberry Pi in the included video. I have the step by steps commands listed below.

Two-factor authentication

Go to the terminal and enter this command:

sudo apt update && sudo apt upgrade && sudo apt dist-upgrade

Enable SSH in your raspberry pi config file

Go to the terminal and enter this command to enable the challenge file for SSH. You need to change the # Authentication from no to yes:

sudo nano /etc/ssh/sshd_config

Then hit cntrl x then y then enter to save.

Then you need to restart SSH. Go to the terminal and enter this command:

sudo systemctl restart ssh

Now install Google Authenticator for your Smartphone

Now install the PAM module for your Raspberry Pi. Go to the terminal and enter this command:

sudo apt install libpam-google-authenticator

Now run the Google Authenticator on the command line. Go to the terminal and enter this command:

google-authenticator

Then write down the emergency codes – just in case you need them later.

Then enter YES, YES, NO, YES

Go to the terminal and enter this command:

sudo nano /etc/pam.d/sshd

While in the file, add this command after “@include common-auth”

auth required pam_google_authenticator.so

Then you need to restart SSH. Go to the terminal and enter this command:

sudo systemctl restart ssh

When I use Putty to SSH into my RPI and this works as advertised.

However, when I use VNC Viewer, it does not. I am looking for a solution to this and when I have one I will edit this post.