[{"data":1,"prerenderedAt":610},["ShallowReactive",2],{"category-data-security":3},[4],{"_path":5,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":9,"description":10,"date":11,"image":12,"alt":13,"ogImage":12,"tags":14,"published":20,"body":21,"_type":603,"_id":604,"_source":605,"_file":606,"_stem":607,"_extension":608,"sitemap":609},"/blogs/2fa-almalinux10.1","blogs",false,"","การตั้งค่า 2FA บน AlmaLinux 10.1 (Web Console และ SSH)","คู่มือการเปิดใช้งาน Two-Factor Authentication (2FA) บน AlmaLinux 10.1 ด้วย Google Authenticator เพื่อเพิ่มความปลอดภัยให้กับระบบ","2026-04-11","/blogs-img/blog19.png","การตั้งค่า 2FA บน AlmaLinux 10.1",[15,16,17,18,19],"almalinux","linux","security","2FA","google-authenticator",true,{"type":22,"children":23,"toc":585},"root",[24,33,39,43,49,54,99,108,141,146,149,155,160,174,187,223,228,246,249,255,260,274,279,304,312,340,343,349,356,370,375,395,401,415,420,441,444,450,500,503,509,515,520,526,531,537,542,545,551,556,574,579],{"type":25,"tag":26,"props":27,"children":29},"element","h2",{"id":28},"การตั้งค่า-2fa-บน-almalinux-101",[30],{"type":31,"value":32},"text","🔐 การตั้งค่า 2FA บน AlmaLinux 10.1",{"type":25,"tag":34,"props":35,"children":36},"p",{},[37],{"type":31,"value":38},"การเปิดใช้งาน Two-Factor Authentication (2FA) เป็นวิธีเพิ่มความปลอดภัยให้กับระบบ โดยเฉพาะ Server ที่เปิดใช้งานผ่าน Web Console (Cockpit) และ SSH โดยในคู่มือนี้จะใช้ Google Authenticator ผ่านระบบ PAM (Pluggable Authentication Modules)",{"type":25,"tag":40,"props":41,"children":42},"hr",{},[],{"type":25,"tag":26,"props":44,"children":46},{"id":45},"_1-ติดตั้งแพ็กเกจที่จำเป็น",[47],{"type":31,"value":48},"📦 1. 
ติดตั้งแพ็กเกจที่จำเป็น",{"type":25,"tag":34,"props":50,"children":51},{},[52],{"type":31,"value":53},"เริ่มต้นด้วยการติดตั้ง Google Authenticator PAM module:",{"type":25,"tag":55,"props":56,"children":60},"pre",{"className":57,"code":58,"language":59,"meta":8,"style":8},"language-bash shiki shiki-themes dracula","sudo dnf install google-authenticator -y\n","bash",[61],{"type":25,"tag":62,"props":63,"children":64},"code",{"__ignoreMap":8},[65],{"type":25,"tag":66,"props":67,"children":70},"span",{"class":68,"line":69},"line",1,[71,77,83,88,93],{"type":25,"tag":66,"props":72,"children":74},{"style":73},"--shiki-default:#50FA7B",[75],{"type":31,"value":76},"sudo",{"type":25,"tag":66,"props":78,"children":80},{"style":79},"--shiki-default:#F1FA8C",[81],{"type":31,"value":82}," dnf",{"type":25,"tag":66,"props":84,"children":85},{"style":79},[86],{"type":31,"value":87}," install",{"type":25,"tag":66,"props":89,"children":90},{"style":79},[91],{"type":31,"value":92}," google-authenticator",{"type":25,"tag":66,"props":94,"children":96},{"style":95},"--shiki-default:#BD93F9",[97],{"type":31,"value":98}," -y\n",{"type":25,"tag":100,"props":101,"children":102},"blockquote",{},[103],{"type":25,"tag":34,"props":104,"children":105},{},[106],{"type":31,"value":107},"หากไม่พบแพ็กเกจ ให้เปิดใช้งาน CRB repository:",{"type":25,"tag":55,"props":109,"children":111},{"className":57,"code":110,"language":59,"meta":8,"style":8},"sudo dnf config-manager --set-enabled crb\n",[112],{"type":25,"tag":62,"props":113,"children":114},{"__ignoreMap":8},[115],{"type":25,"tag":66,"props":116,"children":117},{"class":68,"line":69},[118,122,126,131,136],{"type":25,"tag":66,"props":119,"children":120},{"style":73},[121],{"type":31,"value":76},{"type":25,"tag":66,"props":123,"children":124},{"style":79},[125],{"type":31,"value":82},{"type":25,"tag":66,"props":127,"children":128},{"style":79},[129],{"type":31,"value":130}," 
config-manager",{"type":25,"tag":66,"props":132,"children":133},{"style":95},[134],{"type":31,"value":135}," --set-enabled",{"type":25,"tag":66,"props":137,"children":138},{"style":79},[139],{"type":31,"value":140}," crb\n",{"type":25,"tag":34,"props":142,"children":143},{},[144],{"type":31,"value":145},"และตรวจสอบว่า EPEL ถูกเปิดใช้งานแล้ว",{"type":25,"tag":40,"props":147,"children":148},{},[],{"type":25,"tag":26,"props":150,"children":152},{"id":151},"_2-ตั้งค่า-google-authenticator",[153],{"type":31,"value":154},"🔑 2. ตั้งค่า Google Authenticator",{"type":25,"tag":34,"props":156,"children":157},{},[158],{"type":31,"value":159},"รันคำสั่ง:",{"type":25,"tag":55,"props":161,"children":163},{"className":57,"code":162,"language":59,"meta":8,"style":8},"google-authenticator\n",[164],{"type":25,"tag":62,"props":165,"children":166},{"__ignoreMap":8},[167],{"type":25,"tag":66,"props":168,"children":169},{"class":68,"line":69},[170],{"type":25,"tag":66,"props":171,"children":172},{"style":73},[173],{"type":31,"value":162},{"type":25,"tag":34,"props":175,"children":176},{},[177,179,185],{"type":31,"value":178},"จากนั้นให้ตอบ ",{"type":25,"tag":62,"props":180,"children":182},{"className":181},[],[183],{"type":31,"value":184},"y",{"type":31,"value":186}," (yes) สำหรับตัวเลือกต่าง ๆ เช่น:",{"type":25,"tag":188,"props":189,"children":190},"ul",{},[191,197,208,213,218],{"type":25,"tag":192,"props":193,"children":194},"li",{},[195],{"type":31,"value":196},"ใช้ token แบบ time-based",{"type":25,"tag":192,"props":198,"children":199},{},[200,202],{"type":31,"value":201},"อัปเดตไฟล์ ",{"type":25,"tag":62,"props":203,"children":205},{"className":204},[],[206],{"type":31,"value":207},".google_authenticator",{"type":25,"tag":192,"props":209,"children":210},{},[211],{"type":31,"value":212},"ไม่ให้ใช้รหัสซ้ำ",{"type":25,"tag":192,"props":214,"children":215},{},[216],{"type":31,"value":217},"เพิ่มช่วงเวลาเผื่อ (time 
skew)",{"type":25,"tag":192,"props":219,"children":220},{},[221],{"type":31,"value":222},"เปิด rate-limiting",{"type":25,"tag":34,"props":224,"children":225},{},[226],{"type":31,"value":227},"หลังจากนั้นระบบจะให้:",{"type":25,"tag":188,"props":229,"children":230},{},[231,236,241],{"type":25,"tag":192,"props":232,"children":233},{},[234],{"type":31,"value":235},"QR Code (สำหรับสแกนด้วยมือถือ)",{"type":25,"tag":192,"props":237,"children":238},{},[239],{"type":31,"value":240},"Secret Key",{"type":25,"tag":192,"props":242,"children":243},{},[244],{"type":31,"value":245},"Emergency Scratch Codes ⚠️ (สำคัญมาก)",{"type":25,"tag":40,"props":247,"children":248},{},[],{"type":25,"tag":26,"props":250,"children":252},{"id":251},"️-3-ตั้งค่า-2fa-สำหรับ-web-console-cockpit",[253],{"type":31,"value":254},"⚙️ 3. ตั้งค่า 2FA สำหรับ Web Console (Cockpit)",{"type":25,"tag":34,"props":256,"children":257},{},[258],{"type":31,"value":259},"แก้ไขไฟล์:",{"type":25,"tag":55,"props":261,"children":263},{"className":57,"code":262,"language":59,"meta":8,"style":8},"/etc/pam.d/cockpit\n",[264],{"type":25,"tag":62,"props":265,"children":266},{"__ignoreMap":8},[267],{"type":25,"tag":66,"props":268,"children":269},{"class":68,"line":69},[270],{"type":25,"tag":66,"props":271,"children":272},{"style":73},[273],{"type":31,"value":262},{"type":25,"tag":34,"props":275,"children":276},{},[277],{"type":31,"value":278},"เพิ่มบรรทัด:",{"type":25,"tag":55,"props":280,"children":282},{"className":57,"code":281,"language":59,"meta":8,"style":8},"auth required pam_google_authenticator.so\n",[283],{"type":25,"tag":62,"props":284,"children":285},{"__ignoreMap":8},[286],{"type":25,"tag":66,"props":287,"children":288},{"class":68,"line":69},[289,294,299],{"type":25,"tag":66,"props":290,"children":291},{"style":73},[292],{"type":31,"value":293},"auth",{"type":25,"tag":66,"props":295,"children":296},{"style":79},[297],{"type":31,"value":298}," 
required",{"type":25,"tag":66,"props":300,"children":301},{"style":79},[302],{"type":31,"value":303}," pam_google_authenticator.so\n",{"type":25,"tag":100,"props":305,"children":306},{},[307],{"type":25,"tag":34,"props":308,"children":309},{},[310],{"type":31,"value":311},"หากต้องการให้ user ที่ยังไม่ตั้งค่า 2FA ยังเข้าได้ ให้เพิ่ม nullok (ควรใช้เฉพาะช่วงทยอยเปิดใช้งาน เพราะบัญชีที่ยังไม่มีไฟล์ .google_authenticator จะเข้าระบบได้โดยไม่ถูกถาม OTP และควรลบ nullok ออกเมื่อทุกบัญชีตั้งค่าเสร็จแล้ว):",{"type":25,"tag":55,"props":313,"children":315},{"className":57,"code":314,"language":59,"meta":8,"style":8},"auth required pam_google_authenticator.so nullok\n",[316],{"type":25,"tag":62,"props":317,"children":318},{"__ignoreMap":8},[319],{"type":25,"tag":66,"props":320,"children":321},{"class":68,"line":69},[322,326,330,335],{"type":25,"tag":66,"props":323,"children":324},{"style":73},[325],{"type":31,"value":293},{"type":25,"tag":66,"props":327,"children":328},{"style":79},[329],{"type":31,"value":298},{"type":25,"tag":66,"props":331,"children":332},{"style":79},[333],{"type":31,"value":334}," pam_google_authenticator.so",{"type":25,"tag":66,"props":336,"children":337},{"style":79},[338],{"type":31,"value":339}," nullok\n",{"type":25,"tag":40,"props":341,"children":342},{},[],{"type":25,"tag":26,"props":344,"children":346},{"id":345},"️-4-ตั้งค่า-2fa-สำหรับ-ssh-แนะนำ",[347],{"type":31,"value":348},"🖥️ 4. 
ตั้งค่า 2FA สำหรับ SSH (แนะนำ)",{"type":25,"tag":350,"props":351,"children":353},{"id":352},"แก้ไข-config-ssh",[354],{"type":31,"value":355},"แก้ไข config SSH",{"type":25,"tag":55,"props":357,"children":359},{"className":57,"code":358,"language":59,"meta":8,"style":8},"/etc/ssh/sshd_config\n",[360],{"type":25,"tag":62,"props":361,"children":362},{"__ignoreMap":8},[363],{"type":25,"tag":66,"props":364,"children":365},{"class":68,"line":69},[366],{"type":25,"tag":66,"props":367,"children":368},{"style":73},[369],{"type":31,"value":358},{"type":25,"tag":34,"props":371,"children":372},{},[373],{"type":31,"value":374},"ตั้งค่า (ใน OpenSSH รุ่นใหม่ตัวเลือกนี้ชื่อ KbdInteractiveAuthentication โดย ChallengeResponseAuthentication เป็นชื่อเดิมที่ยังใช้แทนกันได้ และต้องเปิด UsePAM yes ไว้ด้วย หลังแก้ไขให้ตรวจค่าที่มีผลจริงด้วย sudo sshd -T):",{"type":25,"tag":55,"props":376,"children":378},{"className":57,"code":377,"language":59,"meta":8,"style":8},"ChallengeResponseAuthentication yes\n",[379],{"type":25,"tag":62,"props":380,"children":381},{"__ignoreMap":8},[382],{"type":25,"tag":66,"props":383,"children":384},{"class":68,"line":69},[385,390],{"type":25,"tag":66,"props":386,"children":387},{"style":73},[388],{"type":31,"value":389},"ChallengeResponseAuthentication",{"type":25,"tag":66,"props":391,"children":392},{"style":79},[393],{"type":31,"value":394}," yes\n",{"type":25,"tag":350,"props":396,"children":398},{"id":397},"แก้ไข-pam-ของ-ssh",[399],{"type":31,"value":400},"แก้ไข PAM ของ 
SSH",{"type":25,"tag":55,"props":402,"children":404},{"className":57,"code":403,"language":59,"meta":8,"style":8},"/etc/pam.d/sshd\n",[405],{"type":25,"tag":62,"props":406,"children":407},{"__ignoreMap":8},[408],{"type":25,"tag":66,"props":409,"children":410},{"class":68,"line":69},[411],{"type":25,"tag":66,"props":412,"children":413},{"style":73},[414],{"type":31,"value":403},{"type":25,"tag":34,"props":416,"children":417},{},[418],{"type":31,"value":419},"เพิ่ม:",{"type":25,"tag":55,"props":421,"children":422},{"className":57,"code":281,"language":59,"meta":8,"style":8},[423],{"type":25,"tag":62,"props":424,"children":425},{"__ignoreMap":8},[426],{"type":25,"tag":66,"props":427,"children":428},{"class":68,"line":69},[429,433,437],{"type":25,"tag":66,"props":430,"children":431},{"style":73},[432],{"type":31,"value":293},{"type":25,"tag":66,"props":434,"children":435},{"style":79},[436],{"type":31,"value":298},{"type":25,"tag":66,"props":438,"children":439},{"style":79},[440],{"type":31,"value":303},{"type":25,"tag":40,"props":442,"children":443},{},[],{"type":25,"tag":26,"props":445,"children":447},{"id":446},"_5-รีสตาร์ทบริการ",[448],{"type":31,"value":449},"🔄 5. 
รีสตาร์ทบริการ",{"type":25,"tag":55,"props":451,"children":453},{"className":57,"code":452,"language":59,"meta":8,"style":8},"sudo systemctl restart sshd\nsudo systemctl restart cockpit\n",[454],{"type":25,"tag":62,"props":455,"children":456},{"__ignoreMap":8},[457,479],{"type":25,"tag":66,"props":458,"children":459},{"class":68,"line":69},[460,464,469,474],{"type":25,"tag":66,"props":461,"children":462},{"style":73},[463],{"type":31,"value":76},{"type":25,"tag":66,"props":465,"children":466},{"style":79},[467],{"type":31,"value":468}," systemctl",{"type":25,"tag":66,"props":470,"children":471},{"style":79},[472],{"type":31,"value":473}," restart",{"type":25,"tag":66,"props":475,"children":476},{"style":79},[477],{"type":31,"value":478}," sshd\n",{"type":25,"tag":66,"props":480,"children":482},{"class":68,"line":481},2,[483,487,491,495],{"type":25,"tag":66,"props":484,"children":485},{"style":73},[486],{"type":31,"value":76},{"type":25,"tag":66,"props":488,"children":489},{"style":79},[490],{"type":31,"value":468},{"type":25,"tag":66,"props":492,"children":493},{"style":79},[494],{"type":31,"value":473},{"type":25,"tag":66,"props":496,"children":497},{"style":79},[498],{"type":31,"value":499}," cockpit\n",{"type":25,"tag":40,"props":501,"children":502},{},[],{"type":25,"tag":26,"props":504,"children":506},{"id":505},"️-ข้อควรระวัง",[507],{"type":31,"value":508},"⚠️ ข้อควรระวัง",{"type":25,"tag":350,"props":510,"children":512},{"id":511},"backup-codes",[513],{"type":31,"value":514},"🔐 Backup Codes",{"type":25,"tag":34,"props":516,"children":517},{},[518],{"type":31,"value":519},"เก็บ Emergency Codes ไว้ในที่ปลอดภัยและแยกจากเครื่อง server เพราะใช้แทน OTP ได้กรณีมือถือหาย แต่ละรหัสใช้ได้ครั้งเดียว และผู้ที่ได้รหัสไปก็ใช้ผ่านขั้นตอน 2FA ได้เช่นกัน ก่อนปิด session ที่ใช้งานอยู่ ควรทดสอบ login จาก session ใหม่ก่อน เพื่อไม่ให้ถูกล็อกออกจากเครื่องหากตั้งค่าผิด",{"type":25,"tag":350,"props":521,"children":523},{"id":522},"️-เวลาเครื่องต้องตรง",[524],{"type":31,"value":525},"⏱️ เวลาเครื่องต้องตรง",{"type":25,"tag":34,"props":527,"children":528},{},[529],{"type":31,"value":530},"ควรใช้ NTP เพื่อให้เวลา server ตรง ไม่เช่นนั้น OTP 
จะไม่ทำงาน",{"type":25,"tag":350,"props":532,"children":534},{"id":533},"ปัญหาแพ็กเกจ",[535],{"type":31,"value":536},"📦 ปัญหาแพ็กเกจ",{"type":25,"tag":34,"props":538,"children":539},{},[540],{"type":31,"value":541},"AlmaLinux 10 บางเครื่องอาจยังไม่มี package ต้องเปิด CRB และ EPEL เพิ่ม",{"type":25,"tag":40,"props":543,"children":544},{},[],{"type":25,"tag":26,"props":546,"children":548},{"id":547},"สรุป",[549],{"type":31,"value":550},"✅ สรุป",{"type":25,"tag":34,"props":552,"children":553},{},[554],{"type":31,"value":555},"การเปิดใช้งาน 2FA บน AlmaLinux 10.1 เป็นสิ่งที่ควรทำอย่างยิ่ง โดยเฉพาะระบบที่เปิด SSH หรือ Web Console เพื่อ:",{"type":25,"tag":188,"props":557,"children":558},{},[559,564,569],{"type":25,"tag":192,"props":560,"children":561},{},[562],{"type":31,"value":563},"ลดความเสี่ยงจากการถูก brute-force",{"type":25,"tag":192,"props":565,"children":566},{},[567],{"type":31,"value":568},"เพิ่ม layer ความปลอดภัย",{"type":25,"tag":192,"props":570,"children":571},{},[572],{"type":31,"value":573},"ป้องกันการเข้าถึงโดยไม่ได้รับอนุญาต",{"type":25,"tag":34,"props":575,"children":576},{},[577],{"type":31,"value":578},"แนะนำให้เปิดใช้งานทั้ง Cockpit และ SSH เพื่อความปลอดภัยสูงสุด 🚀",{"type":25,"tag":580,"props":581,"children":582},"style",{},[583],{"type":31,"value":584},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}",{"title":8,"searchDepth":481,"depth":481,"links":586},[587,588,589,590,591,596,597,602],{"id":28,"depth":481,"text":32},{"id":45,"depth":481,"text":48},{"id":151,"depth":481,"text":154},{"id":251,"depth":481,"text":254},{"id":345,"depth":481,"text":348,"children":592},[593,595],{"id":352,"depth":594,"text":355},3,{"id":397,"depth":594,"text":400},{"id":446,"depth":481,"text":449},{"id":505,"depth":481,"text":508,"children":598},[599,600,601],{"id":511,"depth":594,"text":514},{"id":522,"depth":594,"text":525},{"id":533,"depth":594,"text":536},{"id":547,"depth":481,"text":550},"markdown","content:blogs:19.2FA-AlmaLinux10.1.md","content","blogs/19.2FA-AlmaLinux10.1.md","blogs/19.2FA-AlmaLinux10.1","md",{"loc":5},1775888109860]