Setting Up Google Authentication for SSH on a Linux Server

Step 1: Install Google Authenticator

Install the Google Authenticator package:

sudo apt install libpam-google-authenticator

Run the Google Authenticator setup:
```
google-authenticator
```
Answer the prompts:
- "Do you want authentication tokens to be time-based (y/n)?": Type y and press Enter.
- Backup Codes: Write down the emergency scratch codes provided and store them in a safe place.
- "Do you want me to update your "/home/username/.google_authenticator" file?": Type y and press Enter.
- "Do you want to disallow multiple uses of the same authentication token? (y/n)": Type y and press Enter.
- "By default, tokens are good for 30 seconds. Do you want to increase the time skew window to 4 minutes? (y/n)": Type n and press Enter.
- "Do you want to enable rate-limiting protection? (y/n)": Type y and press Enter.
Scan the QR code: Use the Google Authenticator app on your phone to scan the QR code displayed on your terminal.

Add the following line at the end of the file:

auth required pam_google_authenticator.so nullok

Edit the SSH daemon configuration file:
```
sudo vim /etc/ssh/sshd_config
```
Find and modify the following lines:
- Ensure ChallengeResponseAuthentication is set to yes:
```
ChallengeResponseAuthentication yes
```
- Ensure UsePAM is set to yes:
```
UsePAM yes
```
- (Optional) If you want to require both Google Authenticator and your password, add or modify the line:
```
AuthenticationMethods publickey,password publickey,keyboard-interactive
```

Restart the SSH service to apply the changes:
```
sudo systemctl restart sshd
```

Open a new SSH session to your server.
Log in with your username and password.
When prompted, enter the verification code from your Google Authenticator app.