
Howto remove Google authenticator from SSH logins
Alright, so my phone broke which means I lost access to my authentication App on my phone which ultimately meant I could not ssh into my bastian instance which was my gateway to all my other instances. To regain access to my bastian, I have to remove google authenticator from the instance.
First thing you will need to do, is get access to the disk or volume of the bastian. To do this, I stopped the bastian, detached the volume and attached the volume to a recovery instance. Once attached, I ssh’d into the recovery instance and mounted the root volume from the bastian to /mnt as a temp mount point. I then did a $chroot on /mnt and then I did the following:
Step 1:
Disable ChallengeResponseAuthentication within your SSH configuration:
user@server:~$ vi /etc/ssh/sshd_config
Change the value from yes to no
ChallengeResponseAuthentication no
Save the changes.
Step 2:
Change your /etc/pam.d/ssh configuration:
user@server:~$ vi /etc/pam.d/sshd
Remove or comment-out the following line:
auth required pam_google_authenticator.so
Save the changes.
Step 3:
Remove the .google_authenticator file from each of the home directories of users that you used the Google authenticator app for.
user@server:~$ rm .google_authenticator
Step 4:
Restart the SSH daemon.
user@server:~$ sudo /etc/ssh/ssh restart
And boom, you in. Worked for me, should work for you.
No token or token has expired.