Home Linux Community Community Blogs

Community Blogs

Linux emergency booting mode and init=/bin/sh

  • Acceder a grub, desplazarse a la línea del kernel que se quiere arrancar. Pulsar "a" (append). Añadir "init=/bin/sh"
  • Cambiar ro por rw, para evitar tener que remontar después /

kernel [...] rw root=/dev/mapper/VolGroup-lv_root [...] rd_LVM_LV=VolGroup/lv_root rd_NO_DM rhgb quiet init=/bin/sh

  • Pulsar INTRO para que arranque el sistema con el kernel que hemos modificado las opciones.
  • Una vez accedemos al sistema (y tenemos / en modo rw), arrancar el demonio udev:

sh-4.1# /sbin/udevd -d

  • Activar los LV's del VG que queremos:

sh-4.1# lvchange -ay system_vg

  • Para reiniciar la máquina, ejecutar:

echo b > /proc/sysrq-trigger


Effect on Boards Service in Slots 7&8 When OSN 1500B Configured with TPS Protection Groups

[Problem Description]
Trigger condition:
The problem described in the pre-warning is triggered when the following four conditions are all met:

1.TPS is triggered or restored by the TPS protection group consisting of transmission boards in slot 12 and 13.

2. The NE type is OptiX OSN 1500B and its version is included in the “Versions Involved” part.

Huawei transmission OSN1500

3. The NE is configured with a TPS protection group consisting of processing boards in slots 12 and 13.

4. The NE is configured with a service processing board that needs work with an interface board in slot 7 or 8, such as SSR1PD1 and SSR2PD1. In addition, services are configured on the board.

The fault scenarios are as follows:
Scenario 1: Boards in slots 12 and 13 form a TPS protection group, and a board in slot 7 or 8 is not configured with TPS protection.
When TPS is triggered by the TPS protection group consisting of boards in slots 12 and 13, services on the board in slot 7 or 8 are interrupted and the T_ALOS alarm is reported. After the TPS is restored, the T_ALOS alarm is cleared and the services on the board are recovered.
Scenario 2: Boards in slots 12 and 13 form a TPS protection group, and a board in slot 7 or 8 is configured with the TPS protection group.
1. TPS is not triggered on the boards in slots 7 and 8:
When the TPS protection group consisting of boards in slots 12 and 13 triggers TPS, services on the boards in slot 7 and 8 are interrupted, and the boards in slots 7 and 8 report the T_ALOS alarm. When the TPS protection group consisting of boards in slots 12 and 13 is restored to the idle state, the T_ALOS alarm is cleared and the services on the boards in slots 7 and 8 are recovered.
2. If TPS is triggered on the board in slot 7 or 8:
When TPS protection group consisting of boards in slots 12 and 13 is restored to the idle state, services on the board in slot 7 or 8 are interrupted and the T_ALOS alarm is reported. When TPS on the board in slot 7 and 8 is restored, the services on the board are recovered and the T_ALOS alarm is cleared.

Identification methods:
The problem described in the pre-warning is triggered when the following three conditions are all met:
1. The NE type is OptiX OSN 1500B and its version is included in the “Versions Involved” part.
2. The NE is configured with TPS protection groups consisting of the service processing boards in slots 12 and 13. In addition, the NE is configured with a service processing board in slot 7 or 8 that needs to work with an interface board (such as SSR1PD1 and SSR2PD1).
3. Services on the boards in slots 7 and 8 are interrupted and the T_ALOS alarm is reported, which is triggered by TPS or TPS restoration in the TPS protection group consisting of boards in slots 12 and 13.
[Root Cause]
The software version has defects. Boards in slot 12 and 13 form a TPS protection group. When TPS is triggered or restored, relays on boards in slots 16 and 17 are switched no matter whether two interface boards are required to be configured on the service processing board in slot 13.
If two interface boards are required by the board in slot 13, the valid slots are slots 16 and 17.
If one interface board is required by the board in slot 13, the valid slot is slot 16.
When a service processing board with an interface board is required by the board in slot 7 or 8 (the interface board is in slot 15 or 17), services on the boards in slots 7 and 8 are affected due to TPS or TPS restoration in the TPS protection group consisting of the boards in slots 12 and 13.

[Impact and Risks]
TPS and TPS restoration will interrupt the services on boards in slots 7 and 8 which are configured with a TPS protection group consisting of boards in slots 12 and 13.
Measures and Solutions
Recovery measures:
It is recommended that you restore TPS for scenario 1 and trigger TPS to ensure that two TPS protection groups are in the idle state for scenario 2.
Currently, there are two methods available for working around the problem.

1. Do not configure TPS protection groups for boards in slots 12 and 13.
2. Configure TPS protection groups for boards in slots 12 and 13 on an OptiX OSN 1500B subrack but do not configure service processing boards or configure service processing boards that do not work with interface boards in slots 7 and 8.


Great Apps to Take Notes

It has often been said that information confers power, and that the most important currency in our culture today is information. Keeping track of my bits and pieces of information has unfortunately been an issue for some years. In part, this is because of my passable short term memory, coupled with what can only be described as 'brain fog'. To combat this, I arm myself with open source software that helps me efficiently capture a lot of information.

<A HREF="">Read more</A>


Patch level release Univention Corporate Server 3.2-3

The latest patch level release UCS 3.2-3 includes all errata updates and an update to Linux kernel version 3.10.11 which involves many bug fixes and improves the hardware support.

Special highlight is the new module "Active Directory Connection", which replaces the previous AD connector for mounting a UCS installation in an AD domain. UCS users can now not only migrate an existing Microsoft server system to UCS but also configure their UCS system as part of an existing AD domain, for example to use UCS as the platform for applications from independent third-party solutions via the Univention App Center. Further highlights are a completely revised system setup wizard, a backport of PHP 5.4.4 and improved replication between OpenLDAP and Samba 4.

Details at: Univention Forum


Cautions for the Failure to Download Configuration Data on OptiX OSN 1500

Abstract: A user fails to download configuration data to an OSN 1500 with an interface board of dynamic ports due to the lack of logical configurations on tributary interface boards. As a result, services may be interrupted.

1:The download fails or partially fails. Dynamic port and service data fail to be downloaded to NEs, as shown in the following figure.


2:The download succeeds. However, the interface board becomes dimmed on the NE Panel. This is only a display issue and does not affect NMS functionality.
Before the download:


After the download:

after the download

Identification Method
The preceding symptoms occur if boards are installed in slots 6 and 7 on the OSN 1500A. (Slots 6 and 7 are used to install interface boards.)
The preceding symptoms occur if boards are installed in slots 14, 15, 16, and 17 on the OSN 1500B. (Slots 14, 15, 16, and 17 are used to install interface boards.)

1.2 [Root Cause]
For earlier versions of OSN 1500A and earlier version of OSN 1500B Interface boards are not applied to NEs due to incorrect logical configurations. As a result, dynamic port and service data fail to be downloaded.
For OSN 1500A and later versions: The NMS does not apply interface boards last. Therefore, if the processing board on which interface board application depends is not added, configuration data fails to be downloaded.

1.3 [Impact and Risks]
1. NE type involved: OSN 1500
Board types affected:
N1D75S, N1D12S, N1D12B, N1MU04, N1TSB8, N1ETF8, N1EFF8, N1EU04, N1OU08, N2OU08, N1EU08, N1TSB4, N1ETS8, N1DM12, N1D34S, N1C34S, L75S, and L12S

2.Scenario 1: The download fails or partially fails. Logical boards are not downloaded to the OSN 1500. As a result, services depending on the logical boards fail to be downloaded and the download process ends.
3.Scenario 2: The download succeeds. However, logical boards are not downloaded to the OSN 1500. This does not affect services and alarm reporting but affects board display.

1.4 [Measures and Solutions]
Preventive Measure
Do not download data to an OSN 1500 with interface boards on the NMS. Use DC to back up and restore the database of the OSN 1500.
Restoration Measure
If an OSN 1500 is equipped with interface boards and the configuration data fails to be downloaded. Perform the following restoration measures:

  •  If the database of the OSN 1500 has been backed up, use DC to restore the database.
  •  If the database of the OSN 1500 has not been backed up, restore the download in either of the following ways:

− Install a patch to resolve this problem and download the configuration data to the OSN 1500 again.
− Change the OSN 1500 to a preconfigured NE on the U2000, record the associated services of its interface boards, delete the interface boards and associated services, then download configuration data to the OSN 1500, and add interface boards and associated services to it.
The problem has been resolved in the following NMS versions:

  • NMS versions involved for the OSN 1500A (earlier versions of and OSN 1500B (earlier versions of

− U2000 V100R005C00CP6032 and later
− U2000 V100R006C00CP3011 and later
− U2000 V100R006C02CP3001 and later

  •  NMS versions involved for the OSN 1500A ( and later):

− U2000 V100R002C01CP5035 and later
− U2000 V100R006C02SPC302 and later


Exciting New Terminal Emulators

Even though Terminator meets all my needs, I am always on the look out for new terminal emulators that might offer a different way of working. In this article, I explore three new terminal emulators. Each of these open source applications are a long way from the finished article. The software featured here are not stable, not feature complete, and should not be used in a production environment. But they have real potential.

<A HREF="">Read on</A>


What is Web signage?

signage graphicWhat is Web signage? It's the future of signage aka DOOH. Powered by Linux.

Allow me to explain.

First generation sign - Static

An etching on a cave wall, to a flashing Neon sign. These are static signs usually fixed to a particular location. Their often cumbersome to replace, though are pretty simple and reliable.

Second generation sign - Digital

Using usually a standard TV screen, a series of images are displayed in rotation or a video is simply looped. Some televisions are capable of being programmed to become a sign, simply by inserting a USB stick. Most solutions sadly fail to provide a polished out of the box solution for this use case, requiring someone to setup the DVD player or re-configure the software on the "SMART TV", every single time that device is power cycled or fails. Awkward.

Even though most "SMART TV"s are powered by Linux, typically TV manufacturers provide no documentation or way to modify the existing software to stream line this relatively simple use case. Which is a shame.

This generation of signage is where we are mostly at the moment. Advertisers like this as they can convey "experiences" well with short clips, sometimes with an annoying sounded message, in rotation. They are usually easy to update, but often they are not for hours at a time, since most of them use a USB stick as their source which manually needs to be swapped out.

Third generation sign - Internet powered

There are many players in the "DOOH" industry vying for your custom, peddaling their own proprietary systems that lock customers onto their particular platform, e.g. BrightSign or Harris are leading examples.

You can recognise these locked in systems easily because they are not Web powered or confusingly embrace and extend the Web.

There are even "opensource" platforms to create signage content, but since they do not use Web standards to layout the content, they should be avoided, as they are effectively locking you into their format only they control.

Note that all you need to configure a proper Web signage operating system is a URL. So switching between Web signage players should be even easier than switching between Chrome & Firefox today.

There are a couple of major stumbling blocks to Web signage, the first being that many advertisers and "DOOH" content producers are really quite poor at creating and managing Web content with information.

The second is that the "Web sign" playback devices are typically clumsily put together boxes running a full screen browser, with no "polish".

I don't have quick solutions to offer for the first problem, though for the second problem, one solution is Webconverger Neon.

It runs Linux. It's opensource It supports a wide range of hardware. It's stable. It keeps the browser upto date, supporting the latest standards like the Web Video Text Tracks Format.

Furthermore Webconverger Neon is polished, if it fails in often hostile outdoor environments, such as a hardware issue of loss of connectivity, it defaults to a black screen. No silly network can't be found messages. No blue screens. No modal dialog boxes. And then network/hardware is restored, it lights back up as best it can as it's retrying in the background.

As for networked Web signage itself, information can be delivered as fast as a Web page takes to load. Images, videos and other HTML useful technologies such as caching can be used to deliver useful information. Just like your favourite Web application.


Hitech-Cloud Hosting Services Sharpening Its Peculiarities on Application Hosting

With the rise of cloud technology, most of the business houses have been seen taking the advantage of this technology. Owing to the rising importance of cloud computing, Hitech-cloud hosting solutions has recently launched application hosting services which is a part of cloud-computing.

According to the research done by the company on 100 small and  medium sized businesses in Texas, United States, 85 percent of the companies outsource application hosting to a hosting service provider, owing to high cost of maintaining IT infrastructure.

Most of the applications used by these companies were Quickbooks, Peachtree, Drake, and Lacerte. On asked, "Why are they opting for Application Hosting services?” The answer from most of the respondents was, hosting application has many advantages like it allows multiple users, to use the same application at the same time, it reduces cost of setting IT infrastructure and also reduces extra manpower.

Mr. Harry Lawrence, Service designer and IT head of Hitech-cloud said " Application hosting technology is a  blessing to all the medium and small sized businesses who cannot afford the high cost of maintaining heavy IT infrastructure, whereas on the other hand, they can outsource the services on minimum payment of monthly rent"

Hitech-cloud hosting services has made a sound revolution by ensuring best quality in its services that helps in boosting the profits of the clients. On the basis of the research made on the 100 companies, the company is coming up with a journal, titled “Application hosting increasing the productivity of small businesses” which will be published shortly. The company is really looking forward to materialize the research and enlighten other companies about the benefits of application hosting. The company strongly believes that its initiatives will be very helpful for small and medium sized business. Through its website called, which was launched in the year 2012, the company is offering better services related to cloud computing.


Top 10 Best Open Source Softwares that Rocks World Wide Web

Top 10 Open Source Softwares that Rocks World Wide Web

Open-source software is also called as OSS, which is a computer software program designed and deployed with its source code made available and licensed with a free license in which the copyright holder provides the rights to an anonymous entity for any purpose. People using OSS can distribute the software to anyone and for any purpose because Open-source software is very often developed in a public, collaborative manner. Open-source software is the most prominent example of open-source development and often compared to (technically defined) user-generated content or (legally defined) open-content movements.

The top Five reasons why individuals or organizations choose open source software are:

1) Lower cost,

2) Security,

3) No vendor 'lock in', and

4) Better quality

5) Transparency

The Open source code modification, redistribution of open-source software reserved under copyright holder according to copyright law. GNU General Public License (GPL), is a good example of it which allows free distribution under the same license for  its free usage. Software licenses grant rights to users, which would otherwise be reserved by copyright law to the copyright holder. Among thousands of  Open source software projects these 10 Open Source Softwares  listed below are the most important and valuable. These are rare software product that has no alternatives and must require.

1) Linux kernel

The Linux kernel is a prominent example of free and open source software. It is a Unix-like operating system released under the GNU General Public License version (GPLv2). Linux wasn't the first open source software project, but it was the powerful community developed by contributors worldwide. The Linux kernel is used by a variety of operating systems based on it, which are usually in the form of Linux distributions. The popularity of Linux Kernel rapidly accumulated developers and users who adopted code from other free software projects for use with the new operating system.

2) GNU Utilities and Compilers

The GNU Project is the flagship of the free software movement and Compiler Collection, which is also named as GNU Compiler Collection (GCC) which is developed by the GNU Project supporting various programming languages. The Free Software Foundation (FSF) distributes GCC under the GNU General Public License (GNU GPL), which is the source of an amazing variety of tools and utilities that, when combined with the Linux kernel, provide a complete operating system.

With the Linux kernel, the GNU utilities and the GNU Compiler Collection make up the holy trinity of the Linux world. As well as being the official compiler of the unfinished GNU operating system, GCC has been adopted as the standard compiler by most other modern Unix-like computer operating systems, including Linux and the BSD family. Versions are also available for Microsoft Windows and other operating systems. GCC is also available for most embedded platforms, including Symbian (called gcce),[6] AMCC, and Freescale Power Architecture-based chips. It is named the GNU C Compiler, because it only handled the C programming language and the compiler was extended to compile C++ in December of that year 1987.

3) Ubuntu

Ubuntu is a Debian-based Linux operating system developed to increase usability and ease of use.  Ubuntu is a free software and named after the Southern African philosophy of Ubuntu (literally, "humanness"), which often is translated as "humanity towards others" or "the belief in a universal bond of sharing that connects all humanity". Ubuntu is the first choice of novice users and PC sellers because its free and no need to pay fees. The Ubuntu project is publicly committed to the principles of open source development; people are encouraged to use free software, study how it works, improve upon it, and distribute it.

According to some metrics, Ubuntu is the most popular desktop Linux distribution. Ubuntu comes installed with a wide range of software that includes LibreOffice, Firefox, Empathy, Transmission, and several lightweight games.

4) BSD Operating Systems

Linux isn't the only popular free open source operating system, there are a number of Unix-like operating systems under active development, named behind BSD (Berkeley Software Distribution). Free BSD, Net BSD and OpenBSD are very famous examples of the BSDs.

FreeBSD is famous for superior reliability and performance. It’s a free Unix-like operating system developed by AT&T UNIX and has more than 200 active developers and thousands of contributors.

NetBSD is a freely redistributable, open source version of the Unix-derivative BSD, computer operating system notable for supporting a wide range of hardware platforms, including embedded systems and mobile devices. NetBSD is famous for its portability and quality of design and implementation, it is often used in embedded systems and as a starting point for the porting of other operating systems to new computer architectures.

OpenBSD is touted as perhaps the most secure Unix-like operating system, with a security audit that never stops. It includes a number of security features absent or optional in other operating systems and has a tradition of developing auditing the source code for software bugs and security problems.

5) Samba

Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy. Samba is a free software re-implementation of the SMB/CIFS networking protocol, originally developed by Andrew Tridgell. Samba bridges the gaps between Linux/Unix and Windows, allowing Unix and Linux servers to provide file and print services to Windows clients, and Linux and Unix clients work with Windows file servers. A Samba host can even serve as the primary domain controller for a Windows network. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. Samba is released under the terms of the GNU General Public License. The name Samba comes from the SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.

6) MySQL

The world's most popular open source database with easy administration, excellent read performance, and transparent support for large text and binary objects make it the top choice for many Web sites. The MySQL development project has made its source code available under the terms of the GNU General Public License, as well as under a variety of proprietary agreements. It is a popular choice of database for use in web applications, and is a central component of the widely used LAMP open source web application acronym for "Linux, Apache, MySQL, Perl/PHP/Python." Free-software-open source projects that require a full-featured database management system often uses MySQL. Applications which use MySQL databases include: TYPO3, MODx, Joomla, WordPress, phpBB, MyBB, Drupal and other software.


BIND is the most popular open source DNS (Domain Name System) server software on the Internet. It works on Unix-like operating systems, it is the de facto standard that implements DNS protocols for the Internet. The Berkeley Internet Name Domain package was originally written at the University of California at Berkeley.  The software consists, most prominently, of the DNS server component, called contracted for name daemon. In addition the suite contains various administration tools, and a DNS resolver interface library. The latest version of BIND is BIND 9, first released in 2000.

8) Sendmail

Sendmail is a general purpose internetwork email routing facility born before the Internet was standardized and supports different kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet. Sendmail served as the backbone of the Internet mail system throughout the 1980s and 1990s. It has lost ground to Postfix, Qmail, Exim, and Microsoft Exchange in recent years, but still ranks among the most popular MTAs (mail transfer agents). It is a well-known project of the free and open source software and Unix communities. It has spread both as free software and proprietary software.

9) OpenSSH and OpenSSL


OpenSSH is an abbreviation of OpenBSD Secure Shell developed as part of the security conscious OpenBSD project. It is a set of computer programs providing encrypted communication sessions over the Internet using the SSH protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security.


OpenSSL is an open-source implementation software package uses strong cryptography. OpenSSH encrypts shell communications to remote computers, addressing the shortcomings in tools such as rlogin and telnet, which send usernames and passwords in clear text. OpenSSL is a software library that allows developers to incorporate SSL or TLS into their Internet applications. It was written in the C programming language, implements the basic cryptographic functions and provides various utility functions. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

10) Apache

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The Web server that puts the A in LAMP is still fast, flexible, and secure, with broad operating system and Web programming language support and hundreds of modules available to extend the functionality. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache httpd has been the most popular web server on the Internet and generally used on a Unix-like system, the software is available for a wide variety of operating systems, including Unix, FreeBSD, Linux, Solaris, Novell NetWare, OS X, Microsoft Windows, OS/2, TPF, OpenVMS and eComStation. Released under the Apache License, Apache is open-source software.


Smart Cities Market - A Brief Insight 2013 - 2019

The global Smart Cities Market is expected to reach a value of USD 1,265.85 billion by 2019, growing at a CAGR of 14.0% from 2013 to 2019. Increase in migration from rural to urban areas is the major factor responsible for the growth of smart cities market, globally. North America was the largest contributor to the smart cities market and accounted for a share of 34.5% in 2012. This is mainly attributed to the increasing smart grid investments, upgradation in the water infrastructure and transportation sector. The manufacturers in this region are investing more in smart meters and smart grids to provide an excellent foundation for smart city programs.

Browse the full Smart Cities Market Report at

Among the different application categories, smart transportation segment held the largest share of around 16% in 2012. This was due to the growing demand for advanced traffic management, building a superior environment and reducing the volume of delivery vehicles. At the same time, smart transportation links the modes of transport to improve the traffic flow in both urban and inter-urban networks. Smart transportation system helps in minimizing the economic burden of government by reducing traveling delays and fuel consumption rate. Smart security is the fastest growing segment and is expected to grow at a CAGR of 15.0% during the forecast period from 2013 to 2019. One of the reasons for the growing popularity of smart security is that it avoids third party misuse by imposing high security requirements onto the used technology.
In terms of geography, North America represents largest market for smart cities and is expected to reach a market size of USD 392.41 billion by 2019. The regional governments are taking steps towards reducing the carbon footprint by increasing the use of renewable energy resources. Governments in North America are currently working on an objective to accomplish the target of zero wastage of energy by the year 2020.

Get report sample PDF copy from here:

Some of the major players in smart cities market include Siemens AG, ABB Ltd., IBM Corporation, Hitachi Ltd., Alcatel-Lucent S.A., Honeywell international Inc., Alstom S.A., General Electric Company, Telefonaktiebolaget L. M. Ericsson, Cisco Systems Inc., Oracle Corporation and others.

The global smart cities market is segmented as below:
Smart Cities Market, By Application

  • Smart homes
  • Smart buildings
  • Smart energy management
  • Smart industrial automation
  • Smart healthcare
  • Smart transportation
  • Smart security
  • Others (smart water management, smart education, so on)

Browse the full Smart Cities Market Report Press Release :

Smart Cities Market, By Geography

  • North America
  • Europe
  • Asia Pacific
  • Rest of the World (RoW)

Browse Technology and Media Market Research Reports @



Securing SSH with two factor authentication using Google Authenticator

Securing SSH with two factor authentication using Google Authenticator

Two-step verification (also known as Two-factor authentication, abbreviated to TFA) is a process involving two stages to verify the identity of an entity trying to access services in a computer or in a network. This is a special case of a multi-factor authentication which might involve only one of the three authentication factors (a knowledge factor, a possession factor, and an inheritance factor) for both steps. If each step involves a different authentication factor then the two-step verification is additionally two-factor authentication.
Link to original post:

Google’s two-step verification process

Google was one of the first Internet companies to introduce a two-step verification process. To access a Google service using the two-step verification process, a user has to go through the following two stages:

The first step is to log in using the username and password. This is an application of the knowledge factor.
The implementation of the second step requires a mobile phone or the Google Authenticator application, which is an application of the possession factor.

If the user opts to use a mobile phone, he/she has to register his/her phone number with Google. When one attempts to authenticate with username and password, Google will send via SMS a new, unique code to the phone. Receiving the SMS demonstrates that the user has the phone (or, in the case of GSM like networks the appropriate SIM chip).

If the user opts to use the Google Authenticator (or another supported code generator application), he/she simply opens the application, which generates a new code every 30 seconds. This code is to be entered to complete the log in process. As a backup option in case the registered mobile phone or device running Google Authenticator is lost, stolen, or otherwise unavailable, the user can print a set of static single-use backup codes (also the knowledge factor) and store them in a safe place.

The following are some other sites which offer two-step verification service:

  1. Amazon Web Services
  2. ANX
  4. Apple ID
  5. Authy
  7. Bitstamp
  9. Box
  10. Dropbox
  11. eBay
  12. Etrade
  13. Evernote
  14. Facebook
  15. GitHub
  16. GoDaddy
  17. HootSuite
  18. Lastpass
  19. LinkedIn
  20. LocalBitcoins
  21. Microsoft
  22. MongoLab
  23. Namecheap
  24. PayPal
  25. SocialFlow
  26. timetotrade
  27. Tumblr
  28. Twitter
  29. Viaduct
  30. WordPress
  31. Yahoo! Mail
  33. zoho

Google Authenticator

Google Authenticator implements TOTP security tokens from RFC6238 in mobile apps made by Google, sometimes branded “two-step authentication”. The Authenticator provides a six digit one-time password users must provide in addition to their username and password to log into Google services or other sites. The Authenticator can also generate codes for third party applications, such as password managers or file hosting services. Some versions of the software are open source.
[Source: WikiPedia]

14 - Securing SSH with two factor authentication using Google Authenticator - blackMORE Ops

Note: Google Authenticator doesn’t “call home” to Google — all the work happens on your SSH server and your phone. Google Authenticator is a open-source software, that means you can check the codes yourself. I guess after what happened with openSSL, that’s not a bad idea after all.

In this article I will demonstrate how to secure SSH by setting up Two Factor Authentication (TFA) with Google Authenticator for the following Linux operating systems:

  1. Debian
  2. Ubuntu
  3. Linux Mint
  4. Kali Linux
  5. Red Hat
  6. CentOS
  7. Fedora

Google Authenticator can be used in the following smartphones:

  1. Android,
  2. iOS and
  3. Blackberry.

I am not too sure if you can use this on a Windows Based phone (i.e. new Nokia phones or Windows Mobiles devices). Feel free to try and report back.

App Download Links as follows:

  1. Android:
  2. iOS:
  3. Blackberry:

More detailed per device install instructions can be found on this page:

The implementation is exactly same except for some package name differences. So you can implement this in any Linux Operating System that uses these packages.


Followings are the requirements for using Google Authenticator on your system:

  1. A PC running Linux
  2. A smartphone
  3. A running SSH server on your machine.

In case you don’t have SSH server running, just follow this guide to install openSSH server.

Step 1: Install dependencies for Google Authenticator Module

You need to have either root or sudo privileges on the machine where you want to secure SSH by enabling Two Factor Authention using Google Authenticator. Login to your machine and use the following commands to install required dependency packages:

On Debian, Kali, Ubuntu, Linux Mint (they all are Debian based system that uses aptitude as package manager i.e. apt-get/aptitude)

apt-get install libpam0g-dev

1 - Install dependencies for Google Authenticator PAM module - blackMORE Ops

On Red Hat, CentOS and Fedora (they all are RedHat based where you use yum as the package manager):

yum install pam-devel

That’s it. That should install the necessary dependencies on your system. In case you have a very restricted system where you dont have GCC, make and wget, you can install them using the following command(s):

yum install make gcc wget
apt-get install make gcc wget

Step 2: Download Google Authenticator Module

Google Authenticator is available on GoogleCode website.


You can just copy paste the codes below to download and extract Google Authenticator codes. I personally use Kali Linux, that means I am always logged in as root user, if you’re using any of the other Linux distributions like Debian, Ubuntu, Linux Mint, Red Hat, CentOS or Fedora where you don’t usually login as root user, then you should choose your own directory to download and extract these codes.

To download Source code of the Google Authenticator PAM library module use the following command:

root@kali:~# wget

At the time of writing this article, v1.0 was available.

2 - Download Google Authenticator PAM module from GoogleCode - blackMORE Ops

Now extract your tarball:

root@kali:~# tar -xvf libpam-google-authenticator-1.0-source.tar.bz2

Change directory to the extracted folder:

root@kali:~# cd libpam-google-authenticator-1.0/

3 - Extract Google Authenticator PAM module from GoogleCode - blackMORE Ops

Step 3: Compile and Install Google Authenticator PAM module

So far we’ve installed dependencies, downloaded and extracted Google Authenticator PAM module. Now we need to compile the codes and install compiled software on our system.
use the following command to compile your downloaded source codes:

root@kali:~/libpam-google-authenticator-1.0# make

4 - Compile extracted Google Authenticator PAM module from GoogleCode - blackMORE Ops

Now install Google Authenticator PAM module on your system:

root@kali:~/libpam-google-authenticator-1.0# make install

5 - Install compiled Google Authenticator PAM module from GoogleCode - blackMORE Ops

Step 4: Run and configure Google Authenticator

Just run Google Authenticator PAM module from command line to configure it for your system:

Run Google Authenticator PAM module using the following command:

root@kali:~/libpam-google-authenticator-1.0# google-authenticator

It should present you with bunch of question where you get to choose Y or N . Let’s have a quick look at those questions and the outputs.

Do you want authentication tokens to be time-based (y/n) y|0&cht=qr&chl=otpauth://totp/root@kali%3Fsecret%3DWKHM6UVJNTPYSPTQ
Your new secret key is: WKHM6UVJNTPYSPTQ
Your verification code is 434260
Your emergency scratch codes are:

So on your first question, you get a secret key, Your new secret key is: WKHM6UVJNTPYSPTQ and 5 emergency scratch codes. You use the emergency key on your mobile so that you can get the correct verification code next time you login. Emergency codes are used when you’ve lost your mobile.
Next it asks you if you want to use this for your root account? Me being root users, I’ve chosen Yes.

Do you want me to update your "/root/.google_authenticator" file (y/n) y

Next up, it asks you if you want to disallow multiple uses of the same verification code. Unless you have a good reason not to, choose Yes.

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y

Next part is time based login. From the point of getting the code on your mobile to typing in to your login prompt, 30 seconds should be more than enough. If you’r time sync is bad on your system or you’ve giving the code to someone over phone or you are a VERY slow keyboard warrior, I see no reason to change it. Select Yes here.

By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) y

Last up, well, of course we want to enable rate-limiting, by enabling this, you ensure that only 3 login attempts every 30s can be made.

If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y

This finishes your initial setup for Google Authenticator PAM module. Now we need to configure PAM and SSH to actually use this technique. This is really awesome.

6 - Configure google-authenticator PAM module for the first time - blackMORE Ops


Note: Leave this terminal window open (DO NOT CLOSE). We need the codes for next steps.

Step 5: Configure SSH to use Google Authenticator PAM Module

Open your PAM configuration file /etc/pam.d/sshd

root@kali:~# vi /etc/pam.d/sshd

and add the following line:

auth       required

7 - Configure SSHD PAM to use Google Authenticator PAM Module - blackMORE Ops

Next up, open your SSH configuration file /etc/ssh/sshd_config

root@kali:~# vi /etc/ssh/sshd_config

and modify the line containing ChallengeResponseAuthentication no:

ChallengeResponseAuthentication no
(change it to)
ChallengeResponseAuthentication yes

8 - Configure sshd_config PAM to use Google Authenticator PAM Module - blackMORE Ops

To have these changes take effect, restart SSH server:

service ssh restart
service sshd restart
/etc/init.d/ssh restart
/etc/init.d/sshd restart

Why 4 commands? Depending on your Linux distribution, some refers SSH Daemon as SSHD, some as SSH, some got service module installed, some requires you to go into /etc/init.d folder and restart SSH service manually.

Step 6: Configure your SmartPhone for Google Authenticator App

Like I said before, Google Authenticator can be used in the following smartphones:

  1. Android:
  2. iOS:
  3. Blackberry:

More detailed per device install instructions can be found on this page:

Assuming you managed to install the App properly, Launch your Google Authenticator app in your SmartPhone.

From Menu select Set up account

9 - Configure SMARTPhone to use Google Authenticator - blackMORE Ops

Step 6.1: Google Authenticator Setup Account

Remember the secret key you got when you initialized Google-Authenticator PAM module on your computer? I hope you still got that window open. Select Enter provided key.

10 - Select Enter provided key on SMARTPhone to use Google Authenticator - blackMORE Ops

Next window you give it a name (something you can remember or relates to your workstation .. i.e. Home Workstation or My SuperAwesome LinuxBox … I’m going to use blackMORE Ops as the name.

Type in your Secret Key on the next field and click on Add button.

11 - Manually enter name and secret key on SMARTPhone to use Google Authenticator - blackMORE Ops

Once it’s added it will generate a one time verification code (pin number) that will keep changing every 30 seconds.

Step 7: Login to your computer via SSH

Because I am doing all these in the same computer I will just login to localhost (IP: If you got 2 or more machines or VirtualBox/VMWare machines then you can try to login from a different one. One thing to note, you MUST have SSH server running.

In case you don’t have SSH server running, just follow this guide to install openSSH server.

So we type in the following command: (this is where you need to find out your SSH server’s IP address, I’ve shown using localhost or IP but this can be anything from an IP, FQDN or Domain name.)

root@kali:~# ssh

and immediately you see a prompt asking for Verification code. This is your Google Authenticator code that you get from your Google Authenticator Mobile App.

12 - Verification Key on SMARTPhone to use Google Authenticator - blackMORE Ops

Type in the numbers from your SmartPhones Google Authenticator App and then it will prompt your for your password. Type in your password to login now.

13 - Securely SSH and enter Google Authenticator Verification Key and password to login to SSH - blackMORE Ops

If you failed to type in the Verification code within 30 seconds, you have to try the next code shown on your SmartPhones Google Authenticator App. Awesome? Wouldn’t you agree?

Alternatives to Google Authenticator SmartPhone App:

In case you don’t own a SmartPhone or don’t want to use any, you can use the following add-on on your FireFox or IceWeasel browser:

FireFox/IceWeasel App: GAuth Authenticator

15 - Secure SSH with two factor authentication using Google Authenticator from FireFox- blackMORE Ops

Interesting Fact:


Got a response from the dev behind the Google Authenticator add-on for Chrome, Gerard Braad, who explained that Google have taken it down but gave no explanation as to why even after being asked several times.

The Firefox version is still available though and work great. Hopefully he may look into the issue with the Chrome version and re-submit.

Here is the FF version for those wishing to use it:


How about that?

[ Source:!topic/chrome/P9rTLaeyHjg ]


Securing SSH with two factor authentication using Google Authenticator is possibly the best security model you can out there for free. You can always restrict SSH by IP, change port, rate-limit and do all sorts of crazy stuffs. But those who wants to open SSH to the outside world and implement all these extra security models (i.e. Brute-force detection etc.) have to constantly worry about the fact that who is trying is and what you’ve missed while securing your system. Securing SSH with two factor authentication using Google Authenticator possibly relieves you from that worry and you stop getting emails in the middle of the night saying someone tried to login via SSH X amount of times.

Let me know you thoughts and if you’ve found this useful. Thanks for reading and being on my website. Please share. This would be best for System Administrators on any Linux systems.

Page 11 of 150

Upcoming Linux Foundation Courses

  1. LFD312 Developing Applications For Linux
    16 Feb » 20 Feb - Atlanta - GA
  2. LFD331 Developing Linux Device Drivers
    16 Feb » 20 Feb - San Jose - CA
  3. LFS220 Linux System Administration
    16 Feb » 19 Feb - Virtual

View All Upcoming Courses

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board