1

I've been trying to set up 2FA with Google Authenticator on Ubuntu to protect sudo. I followed the steps at https://blog.jitendrapatro.me/configuring-two-factor-authentication-for-su-and-sudo/ and was able to see my commands 'sudo touch /test' being protected, i.e. I would be prompted for my Google Authenticator verification code. However, the article says the following, which seems to imply to me that it's pretty easy to bypass the 2FA:

There are three downsides to this. First, 2FA needs to be enabled for the user account or there will be no prompt for entering verification code. Second, the switching to any user from root now will require to enter the verification code for that user, which is not so convenient anymore even if you’re root! Third and most important of all is you can just use “sudo -s” and get a root shell completely bypassing su! 🙂

Likewise, I was able to run sudo -i and bypass 2FA. Any way to prevent this bypassing? What am I missing?

Improve this question
3
  • Please include in your post the PAM files you have modified. Explain in the accompanying description what changes you made. (It's possible you might have missed a step in the linked instructions, hence the request to show us what you have, not what the instructions expect you to have.) Commented Jul 14 at 9:01
  • 1
    Ubuntu (and Debian) since some time (possibly sudo 1.9.6-1~exp2) have a separate /etc/pam.d/sudo-i file Commented Jul 14 at 16:24
  • I ended up not needing this; ended up putting files in common-auth, precluding the need to update these files mentioned in the linked article. Commented Jul 24 at 19:35

1 Answer 1

Reset to default
0

I ended up not needing this; ended up putting files in common-auth, precluding the need to update these files mentioned in the linked article https://blog.jitendrapatro.me/configuring-two-factor-authentication-for-su-and-sudo/.

Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.