Linux SSH authentication with Google

How to remove orphaned PID files
July 31, 2017
Kill Active SSH Session
Force close active SSH connections after a defined time interval
March 21, 2018
Show all

Linux SSH authentication with Google

Today I decided to play around with the Google two factor authentication method on one of my Linux VMs hosted in Azure.
What this means?
Well, my idea was to have a VM that I ususaly login with my SSH key automatically, to prompt me for a code that changes every 30 seconds.
Google Authenticator offers just that.
So, what do we need?

  • a phone running IOS, Android or Windows (I used my Android phone);
  • an Azure Account – you can get one for free here: (Disclaimer: There’s no refferer included in the link.). You can use, however, your own, locally installed, Linux box or VM, on whichever platform you like or, if you like working in cloud, you can go for whichever cloud provider you like. I just happened to use Azure, for this demo.
  • a linux box (phisical, virtual) to which you have SSH access and “sudo” rights.

So, just to be sure I won’t lock myself out from a production VM, I started by creating a new VM in Azure, using the beautiful and simple Az Cli 2.0

You can obtain the same result by just “pointing & clicking” in the Azure portal following this tutorial:

The commands in Az Cli to create my VM was:

The result will look like (I obfuscated some confidential details, but the essential is there):

AZ Cli create resource group and Linux VM

AZ Cli create resource group and Linux VM

I used a Ubuntu 16.04 but this should work on most Debian based distribution, with small changes. I’ll update the instructions, in time, for other distributions too.

Now, as soon the VM is up & running, you should be able to connect from the same box you ran the AZ Cli commands:

Remember, we created our VM with the testuser and the option to connect via SSH-key that we generated during VM creation.

The SSH key is now saved on the Linux Box we ran the AZ Cli script from, under our user /home/user/.ssh/id_rsa (the private key) and /home/user/.ssh/ (the public key). If you plan to use other boxes to connect to this VM, make sure you have a copy of the keys on the box you need.

Now, from the account that needs to authenticate (e.g. testuser):


google authentiator

Google Authenticator

Now, on your Android phone go to the Google Play and look for Google Authenticator and install it.


Open it on your phone and create a new account (e.g. testVM) and add the code generated above (e.g. ABCO4WERTP3TZ34L). This will generate you a new code every 30 seconds.

Connect from a new console to the testVM:

Everything looks fine 🙂



I’m not responsible in any way if you lock yourself out from your VM by following this tutorial. Everything you do based on this tutorial is solely your responsibility!

However, if it happens, in Azure you can follow this tutorial to reset the SSH access to your VM.

Marin Nedea
Marin Nedea
I'm passionate about open source software and technologies. In my spare time I build simple and functional websites from scratch, using PHP+HTML5+CSS3+MySQL and when I'm bored, I write simple PHP_CLI or bash scripts to play around on my Linux machine.

Leave a Reply