Implementation of Multi-Factor Authentication and One-Time Password for Debian Remote Server Administration
DOI:
https://doi.org/10.59934/jaiea.v5i3.2574Keywords:
Debian,server security, Multi Factor Authentication (MFA), One Time Password (OTP), SSHAbstract
Server security is an important aspect of information technology infrastructure management because servers function as data storage centers and providers of network services. In practice, server administration is commonly performed remotely through the Secure Shell (SSH) protocol. Although SSH provides encrypted communication, authentication based solely on usernames and passwords still has several weaknesses, such as vulnerability to brute force attacks, credential theft, phishing, and unauthorized access. Therefore, an additional security mechanism is needed to strengthen server administrator access protection.
This study aims to implement Multi Factor Authentication (MFA) and One Time Password (OTP) for Debian-based remote server administration. The research methods include problem identification, literature review, system design, implementation, testing, and evaluation. The implementation was carried out by integrating Google Authenticator with SSH services through the Pluggable Authentication Module (PAM).
The results indicate that MFA and OTP successfully add an extra layer of security to the administrator authentication process. In addition to entering a username and password, users are required to provide a unique OTP code that is valid only for a limited period. Testing results show that the system is capable of rejecting login attempts that fail to meet one of the authentication factors. Therefore, the implementation of MFA and OTP is effective in reducing the risk of unauthorized access caused by password leakage and improving the security of Debian remote server administration.
Downloads
References
E. Diaandisy and D. Risqiwati, “Analysis and Implementation of Multi-Factor Authentication (MFA) to Prevent Brute Force Attacks on Mikrotik SSH,” JIPI (Scientific Journal of Informatics Research and Learning), vol. 10, no. 4, pp. 3872–3885, 2025.
A. Fauzi, I. N. Aprilla, N. Fauziyyah, and N. F. Bachtiar, “Implementation of Multi-Factor Authentication, Single Sign-on and Role-Based Access Control in Information System Security (Literature Review Study),” Fibonacci: Journal of Economics, Management and Finance, vol. 2, no. 1, pp. 33–45, 2025.
M. Huda, Windows & Linux Security Hardening: Best Practices for Data and System Protection, 2025.
A. Imanudin, Proxmox VE-Based Server Virtualization. Excellent Publishing, 2018.
W. B. Lencana, “Implementation of Multi-Factor Authentication on phpMyAdmin,” Journal of Information Technology Education and Information Technology, vol. 2, no. 1, pp. 35–39, 2023.
H. Haeruddin, S. E. Prasetyo, and A. Mindy, “Implementation of Multi-Factor Authentication to Optimize Data Access Security at PT. ABC,” Journal of Informatics Management (JAMIKA), vol. 15, no. 1, 2025.
D. Ariyus and K. R. Andri, Data Communication. Yogyakarta: Andi Publisher, 2022.
T. S. Gunawan, M. Kartiwi, and N. Ismail, “Implementation of Two-Factor Authentication Using Time-Based One-Time Password for Secure Web Application Access,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 14, no. 3, pp. 112–119, 2023.
R. Hidayat and S. H. Pramono, “Security Analysis of SSH Protocol Against Brute Force Attacks on Linux Operating System,” Journal of Information Technology and Computer Science (JTIIK), vol. 10, no. 2, pp. 245–252, 2023.
D. Kuswanto and B. Setiawan, “Implementation of Network Security Using Two-Factor Authentication Method on Remote Server Services,” Journal of Informatics and Electronic Engineering (JIRE), vol. 5, no. 1, pp. 55–63, 2022.
M. Mufadhol and A. Suharto, “Implementation of PAM (Pluggable Authentication Module) to Improve Login Security on Linux Servers,” Journal of Business Information Systems (JOSIB), vol. 12, no. 1, pp. 1–9, 2022.
A. Prasetyo, A. Wibowo, and D. Kurniawan, “Comparison of Authentication Methods in SSH Services: Password, Public Key, and Multi-Factor Authentication,” National Journal of Electrical Engineering and Information Technology (JNTETI), vol. 12, no. 4, pp. 301–309, 2023.
R. E. Putra and D. P. Lestari, “Evaluation of the Effectiveness of Google Authenticator as a One-Time Password Mechanism in Server Administration Systems,” Scientific Journal of Computer Informatics, vol. 29, no. 1, pp. 18–26, 2024.
W. Stallings, Cryptography and Network Security: Principles and Practice, 8th ed. New Jersey: Pearson Education, 2022.
F. Yulianto and R. Rahmat, “Implementation of Two-Factor Authentication in Web-Based Login System Using TOTP (Time-Based One-Time Password),” RESTI Journal (System Engineering and Information Technology), vol. 7, no. 3, pp. 512–520, 2023.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Journal of Artificial Intelligence and Engineering Applications (JAIEA)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.








