{"id":1012,"date":"2014-01-21T08:00:47","date_gmt":"2014-01-21T15:00:47","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=1012"},"modified":"2023-08-31T10:01:11","modified_gmt":"2023-08-31T14:01:11","slug":"sharing-google-authenticator-secret-keys-across-servers","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers","title":{"rendered":"Sharing Google Authenticator Secret Keys Across Servers"},"content":{"rendered":"\n

Google Authenticator<\/a> is pretty great. It allows me as an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool like YubiKey or RSA tokens.<\/span><\/p>\n\n\n\n

It’s easy to set up on any type of phone – no specialized hardware or dongles needed. It’s also pretty cool in that you don’t have to have network access from the server to the outside world. Since Google Authenticator is time-based, it doesn’t need to send an SMS or do a call out to a centralized server to get the current valid token.<\/span><\/p>\n\n\n\n

We are particularly fond of Google Authenticator because we leverage it for our multi-factor auth within JumpCloud\u2019s Directory-as-a-Service<\/a>\u00ae platform. IT admins can set MFA access to the JumpCloud<\/a>\u00ae user and admin consoles. Additionally, system level MFA can be instituted for Linux<\/a> and Mac devices<\/a> (Windows is coming soon!).<\/span><\/p>\n\n\n\n\n

\n
\n \"JumpCloud\"\n <\/div>\n
\n

\n <\/p>\n

\n Securely connect to any resource using Google Workspace and JumpCloud. <\/p>\n <\/div>\n

\n Learn More<\/a>\n <\/div>\n<\/div>\n\n\n\n\n

What is a bit painful, though, is having to have a different Google Authenticator token for every one of my servers. The standard setup would have you run the google-authenticator command on each and have as many tokens as you have servers. Obviously, this quickly becomes unwieldy and untenable.<\/span><\/p>\n\n\n\n

Instead, I want to have one Google Authenticator token for multiple servers. Here’s how I installed and configured Google Authenticator on each system<\/span><\/p>\n\n\n\n

First Machine <\/span><\/h4>\n\n\n\n

My first machine I’m going to install<\/span> Google Authenticator and create a secret key – the exact flow I’d use normally.<\/span><\/p>\n\n\n\n

1 – Install Google Authenticator. This is pretty well documented, examples at<\/span> untrusted connection<\/a> and How-To Geek<\/a><\/span>. I won’t walk through each step since this part varies from OS to OS – the rest of the steps are identical however.<\/span><\/p>\n\n\n\n

$ sudo apt-get install libpam-google-authenticator\n\u2026<\/pre>\n\n\n\n
2 – Restart the ssh service<\/p>\n\n\n\n
$ sudo restart ssh<\/pre>\n\n\n\n
3 – Run the google-authenticator command to generate a secret key for your account which you’ll store in your phone. This information will be stored in a configuration file that we’re going to get into later. I don’t need to comment that you actually have to enter the secret key into your phone, do I?<\/span><\/p>\n\n\n\n
$ google-authenticator\nYour new secret key is: HZGVGLVG2ES4N5DW\nYour verification code is 352297\nYour emergency scratch codes are:\n45850250\n14934076\n63800816\n93689045\n82870703<\/pre>\n\n\n\n
4 – Give it a spin. From another shell go ahead and try it out.<\/p>\n\n\n\n
$ssh topher@192.168.56.101\nPassword:\nVerification code:\nWelcome to Ubuntu 12.04.3 LTS (GNU\/Linux 3.8.0-29-generic i686)<\/pre>\n\n\n\n
5 – Let’s take a look at the configuration file. We’re going to copy these contents to our other machines that we want to have the same secret key.<\/span><\/p>\n\n\n\n
$ cat ~\/.google_authenticator\nHZGVGLVG2ES4N5DW\n” TOTP_AUTH\n45850250\n14934076\n63800816\n93689045\n82870703<\/pre>\n\n\n\n
Installing Google Authenticator On Additional Machines<\/h4>\n\n\n\n
For all other machines I’m going to install Google Authenticator as normal, but I’m going to use the secret key from the first machine. This will let me log into each of them using that same secret key that I stored from the first machine.<\/span><\/p>\n\n\n\n
1 – Install Google Authenticator. Again, other places describe this in detail. We’re going to install the program but not do the creation of any secret keys<\/span><\/p>\n\n\n\n
$ sudo apt-get install libpam-google-authenticator \n\u2026<\/pre>\n\n\n\n
2 – Create the configuration file and add the content that we got from the other machine:<\/p>\n\n\n\n
$ cat ->> ~\/.google_authenticator\nHZGVGLVG2ES4N5DW\n” TOTP_AUTH\n45850250\n14934076\n63800816\n93689045\n82870703\n<ctrl-D><\/pre>\n\n\n\n
3 – Set permissions for the configuration file.<\/p>\n\n\n\n
$ chmod 400 ~\/.google_authenticator<\/pre>\n\n\n\n
4 – Restart the ssh service.<\/p>\n\n\n\n
$ service ssh restart<\/pre>\n\n\n\n
5 – Test the login<\/p>\n\n\n\n
$ ssh topher@192.168.56.101\nPassword:\nVerification code:\nWelcome to Ubuntu 12.04.3 LTS (GNU\/Linux 3.8.0-29-generic i686)<\/pre>\n\n\n\n
Voila! A shared Google Authenticator secret key across my servers! Happy day.<\/p>\n","protected":false},"excerpt":{"rendered":"
https:\/\/live-jc-marketing-site.pantheonsite.io\/wp\/wp-admin\/post.php?post=1012&action=edit<\/p>\n","protected":false},"author":9,"featured_media":1239,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[],"platform":[],"funnel_stage":[3016],"coauthors":[2511],"acf":[],"yoast_head":"\nSharing Google Authenticator Secret Keys Across Servers - JumpCloud<\/title>\n<meta name=\"description\" content=\"Google Authenticator allows an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sharing Google Authenticator Secret Keys Across Servers\" \/>\n<meta property=\"og:description\" content=\"Google Authenticator allows an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-21T15:00:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-31T14:01:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Rajat Bhargava\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rajat Bhargava\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\"},\"author\":{\"name\":\"Rajat Bhargava\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba\"},\"headline\":\"Sharing Google Authenticator Secret Keys Across Servers\",\"datePublished\":\"2014-01-21T15:00:47+00:00\",\"dateModified\":\"2023-08-31T14:01:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\"},\"wordCount\":537,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png\",\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\",\"url\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\",\"name\":\"Sharing Google Authenticator Secret Keys Across Servers - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png\",\"datePublished\":\"2014-01-21T15:00:47+00:00\",\"dateModified\":\"2023-08-31T14:01:11+00:00\",\"description\":\"Google Authenticator allows an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sharing Google Authenticator Secret Keys Across Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba\",\"name\":\"Rajat Bhargava\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/be4a33b774a839755d850c80fafe3427\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g\",\"caption\":\"Rajat Bhargava\"},\"description\":\"Rajat Bhargava is an entrepreneur, investor, author, and CEO and co-founder of JumpCloud. An MIT graduate with over two decades of high-tech experience, Rajat is a ten-time entrepreneur with six exits including two IPOs and four trade sales.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Sharing Google Authenticator Secret Keys Across Servers - JumpCloud","description":"Google Authenticator allows an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers","og_locale":"en_US","og_type":"article","og_title":"Sharing Google Authenticator Secret Keys Across Servers","og_description":"Google Authenticator allows an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool.","og_url":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers","og_site_name":"JumpCloud","article_published_time":"2014-01-21T15:00:47+00:00","article_modified_time":"2023-08-31T14:01:11+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png","width":1,"height":1,"type":"image\/png"}],"author":"Rajat Bhargava","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rajat Bhargava","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers"},"author":{"name":"Rajat Bhargava","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba"},"headline":"Sharing Google Authenticator Secret Keys Across Servers","datePublished":"2014-01-21T15:00:47+00:00","dateModified":"2023-08-31T14:01:11+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers"},"wordCount":537,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png","articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers","url":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers","name":"Sharing Google Authenticator Secret Keys Across Servers - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png","datePublished":"2014-01-21T15:00:47+00:00","dateModified":"2023-08-31T14:01:11+00:00","description":"Google Authenticator allows an administrator to setup and configure multi-factor authentication into my UNIX boxes without having to spend money on a tool.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2014\/01\/Google-Authenticator-icon.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/sharing-google-authenticator-secret-keys-across-servers#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Sharing Google Authenticator Secret Keys Across Servers"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/bda984539a66b23f47085df4f41635ba","name":"Rajat Bhargava","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/be4a33b774a839755d850c80fafe3427","url":"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bf74832070f694ca8ecf307f64295d14?s=96&d=mm&r=g","caption":"Rajat Bhargava"},"description":"Rajat Bhargava is an entrepreneur, investor, author, and CEO and co-founder of JumpCloud. An MIT graduate with over two decades of high-tech experience, Rajat is a ten-time entrepreneur with six exits including two IPOs and four trade sales.","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/1012"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=1012"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/1012\/revisions"}],"predecessor-version":[{"id":96949,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/1012\/revisions\/96949"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/1239"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=1012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=1012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=1012"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=1012"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=1012"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=1012"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=1012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}