Let's face it, passwords are useless. Every day you hear about some random hacker popping a major company and then posting the database that contains the users' logins and passwords.
In some cases the passwords are hashed; often they are not. So how can you avoid being part of the problem? Multi-factor authentication is one way to help.
If you have never heard of this before, check out the following link [wikipedia]. However, the problem with setting up two-factor authentication on your server is that:
A.) It costs a bunch
B.) It's kind of hard if you have never done it before
Enter Google Authenticator. For a while now, Google has allowed you to use a token to log in to your Google accounts, and they were kind enough to release the API as well.
[google authenticator]
So how do you get this protection on your server? Pretty easy actually. Let's assume you are working on a fresh install.
Now to configure this just enter:
Then update SSHD
Then just type service sshd restart
Now enter the user you want to use this with (You are not seriously going to use root right?!)
When you first start it, it will give you a URL and some codes. Simply copy the URL into your browser and scan the QR code with Google Authenticator (a free download from the Android app store or Apple iTunes) and boom, you're good to go.
Before you logout, TEST this by staying in that user account and using ssh localhost
It should ask for "Verification code: "; that is where you enter the code the app shows on screen.
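As an added check (my own example, not code from the original post), the script below verifies that an sshd_config and a PAM sshd file are wired so that sshd will actually prompt for the code; the directive names are the standard OpenSSH/PAM ones, and the sample files it writes are constructed, not copied from a real system.

```shell
# Added example (not from the original post): verify that sshd_config and the PAM
# sshd stack are wired so sshd will really prompt for the Google Authenticator code.
# The sample files are constructed here; they are not real files under /etc.
# 0 if the first effective value (uncommented, outside any Match block) of sshd
# keyword $2 in file $1 is $3. Keywords are case-insensitive and the FIRST
# occurrence wins, so a "no" left earlier in the file silently disables MFA.
sshd_directive_is() {
    got=$(awk -v k="$2" '
        tolower($1) == "match"    { exit }            # conditional section starts: stop
        tolower($1) == tolower(k) { print $2; exit }  # first occurrence wins
    ' "$1")
    [ "$got" = "$3" ]
}

# 0 if the PAM stack loads pam_google_authenticator.so as a hard requirement;
# a commented-out line, or one marked sufficient/optional, does not count.
pam_has_google_auth() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_google_authenticator\.so' "$1"
}

# 0 only when all pieces are in place: PAM on, keyboard-interactive on (the same
# keyword is named KbdInteractiveAuthentication in OpenSSH 8.7+), module required.
ssh_mfa_ready() {
    sshd_directive_is "$1" UsePAM yes &&
    sshd_directive_is "$1" ChallengeResponseAuthentication yes &&
    pam_has_google_auth "$2"
}
# Constructed samples: a "weak" pair that looks configured but is not, and a "fixed" pair.
make_samples() {
    cat >"$1/sshd_config.weak" <<'EOF'
UsePAM yes
ChallengeResponseAuthentication no
ChallengeResponseAuthentication yes
EOF
    cat >"$1/sshd_config.fixed" <<'EOF'
UsePAM yes
ChallengeResponseAuthentication yes
Match User backup
    ChallengeResponseAuthentication no
EOF
    printf '#auth required pam_google_authenticator.so\nauth substack password-auth\n' >"$1/pam_sshd.weak"
    printf 'auth required pam_google_authenticator.so\nauth substack password-auth\n' >"$1/pam_sshd.fixed"
}
work=$(mktemp -d)
make_samples "$work"
for s in weak fixed; do
    ssh_mfa_ready "$work/sshd_config.$s" "$work/pam_sshd.$s" && echo "$s: MFA enforced" || echo "$s: MFA NOT enforced"
done
```

Point the two functions at /etc/ssh/sshd_config and /etc/pam.d/sshd to check a real box; the weak sample reproduces the classic mistake of appending "yes" below a stock "no" line.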
Hopefully this is helpful, let others know below if this worked for you.
Notes!
The only downside to this is that doing so does not allow you to use public key authentication at the same time. I've actually had issues when trying to do this with a root account, so try to do it with a normal account first.