There is a very good step by step tutorial on how to set up two-factor authentication for your Raspberry Pi in the included video. I have the step by steps commands listed below.
Go to the terminal and enter this command:
sudo apt update && sudo apt upgrade && sudo apt dist-upgrade
Enable SSH in your raspberry pi config file
Go to the terminal and enter this command to enable the challenge file for SSH. You need to change the # Authentication from no to yes:
sudo nano /etc/ssh/sshd_config
Then hit cntrl x then y then enter to save.
Then you need to restart SSH. Go to the terminal and enter this command:
sudo systemctl restart ssh
Now install Google Authenticator for your Smartphone
Now install the PAM module for your Raspberry Pi. Go to the terminal and enter this command:
sudo apt install libpam-google-authenticator
Now run the Google Authenticator on the command line. Go to the terminal and enter this command:
google-authenticator
Then write down the emergency codes – just in case you need them later.
Then enter YES, YES, NO, YES
Go to the terminal and enter this command:
sudo nano /etc/pam.d/sshd
While in the file, add this command after “@include common-auth”
auth required pam_google_authenticator.so
Then you need to restart SSH. Go to the terminal and enter this command:
sudo systemctl restart ssh
When I use Putty to SSH into my RPI and this works as advertised.
However, when I use VNC Viewer, it does not. I am looking for a solution to this and when I have one I will edit this post.