I have a Mac Mini Server at home and it does a couple of things for me. Hosts the source code for things I write. Serves up a website for my code stuff. And finally it hosts a Minecraft server. So I’ve been monkeying around with it and now want to be able to access remotely.
Option 1: Setup SSH connectivity with Two-Factor authentication (password and key code)
Option 2: Setup SSH connectivity with Keys
Option 3: Setup VPN connectivity.
Personally I don’t have the time/need for VPN so I’m looking at SSH. I hate opening ports on the firewall into my home so I changed the default SSH port to something other than 22. My thinking is that should cloudy up the access.
I’ve already got keys setup on my other machines so putting in option 1 was the easiest. Just had to go in an force SSHD to not accept password, only keys. I figured that keys were more secure and prevented brute force attacks.
I was looking at Google’s two-factor authenticator and it got my gears a spinning. I would love to have it where authentication is first via the SSH Keys and then supplemented with Google’s Authenticator. Got to find a way to enable both. But if I can’t I wonder which would be better???
So I found the following link to someone who has setup Google-Authenticator for a Mac 10.9 system and he did it one step further then I wanted. The setup first requires you to have a correct SSH key pair. If you pass that then you need to provide your account password and the proper authentication code from Google Authenticator. SWEET! I figured that’s about as tight as I can make it.
http://blog.techorganic.com/2014/05/09/multi-factor-authentication-with-ssh-on-os-x/