Updated with version changes: 25OCT2015
Two-factor security is becoming a standard for access and authentication. If you think you don’t need it, go to the System option in the Webmin sidebar and select ‘View’ to check the contents of ‘/var/log/secure’. If you are lucky, you will not see any brute-force or invalid login attempts. If you do see them, you know that you need this guide.
To set up two-factor authentication, you first need to install an authentication app that displays a one-time password for your logins. There are many such apps, for example Google Authenticator, Authy two factor, ESET secure, SAASPASS, Duo mobile, etc. Download whichever suits your preference and your phone. The only problem is that Webmin by default comes with Google and Authy as providers; you need to install the packages if you want to use another provider. I will be using Google Authenticator.
So let’s get secured.
Log in to your Webmin panel, then navigate to Webmin -> Webmin Configuration in the sidebar options.
Then click on the ‘Two-factor Authentication’ option. This is the master option that turns on the second factor for the complete server. Each user needs to complete the enrollment separately from Webmin, or the admin user can perform it for all.
Choose your authentication provider from the list and hit Save.
Remember that an admin or root user is needed to start the service as above. Users can enroll themselves on their own.
Now we need to enroll the logged-in user. Select ‘Webmin Users’ from the Webmin option in the sidebar, then select ‘Two-factor authentication’ from the options shown.
You can either use a randomly generated key or enter your own key for creating the token.
Select ‘Generated randomly’ and click on the Enable option. You will be given a secret key code and a QR code.
Fire up your authentication app and scan the QR code, or enter the key manually. As soon as this is done, the app on your phone will start to show a six-digit code. Also, in Webmin you will see that the selected username has an asterisk on it.
Note: If you can’t see the QR code, you might need to install the phpgd and mcrypt packages on your server.
To confirm that it is working, you will need to log out and then log in. You will see that the login screen now has a third input box. Go ahead and try it by entering your login name, your password, and the third key, which you get from the app.
Let me know your troubles, queries and thoughts via comments. 🙂