Alright, so my phone broke which means I lost access to my authentication App on my phone which ultimately meant I could not ssh into my bastian instance which was my gateway to all my other instances. To regain access to my bastian, I have to remove google authenticator from the instance.

First thing you will need to do, is get access to the disk or volume of the bastian. To do this, I stopped the bastian, detached the volume and attached the volume to a recovery instance. Once attached, I ssh’d into the recovery instance and mounted the root volume from the bastian to /mnt as a temp mount point. I then did a $chroot on /mnt and then I did the following:

Step 1:

Disable ChallengeResponseAuthentication within your SSH configuration:

user@server:~$ vi /etc/ssh/sshd_config

Change the value from yes to no

ChallengeResponseAuthentication no

Save the changes.

Step 2:

Change your /etc/pam.d/ssh configuration:

user@server:~$ vi /etc/pam.d/sshd

Remove or comment-out the following line:

auth required pam_google_authenticator.so

Save the changes.

Step 3:

Remove the .google_authenticator file from each of the home directories of users that you used the Google authenticator app for.

user@server:~$ rm .google_authenticator

Step 4:

Restart the SSH daemon.

user@server:~$ sudo /etc/ssh/ssh restart

And boom, you in. Worked for me, should work for you.

Leave a Reply

Your email address will not be published. Required fields are marked *