linux运维
2015-05-13 00:11:12
[root@localhost ~]# yum install make gcc pam-devel -y #源码包在编译安装时有依赖,所以在此先一次性装好;大家也可以先不安装,一步步实验,按系统的报错提示逐个解决
[root@localhost ~]# ls
libpam-google-authenticator-1.0-source.tar.bz2
[root@localhost ~]# tar xvfvj libpam-google-authenticator-1.0-source.tar.bz2 #软件包的解压;解压编译前应先核对源码包的来源和校验和,因为后面会以root身份编译并把它装进PAM认证链。包内文件时间戳为2012年,生产环境建议优先选用仍在维护的版本
-rw-rw-r-- root/root 2471 2012-05-14 21:32
libpam-google-authenticator-1.0/base32.c
drwxr-xr-x Creating
directory: libpam-google-authenticator-1.0
-rw-rw-r-- root/root 4737 2012-05-14
21:32 libpam-google-authenticator-1.0/demo.c
-rw-rw-r-- root/root 24608 2012-05-14 21:32
libpam-google-authenticator-1.0/google-authenticator.c
-rw-rw-r-- root/root 2495 2012-05-14
21:32 libpam-google-authenticator-1.0/hmac.c
-rw-rw-r-- root/root 48300 2012-05-14
21:32 libpam-google-authenticator-1.0/pam_google_authenticator.c
-rw-rw-r-- root/root 19257 2012-05-14
21:32 libpam-google-authenticator-1.0/pam_google_authenticator_unittest.c
-rw-rw-r-- root/root 11201 2012-05-14
21:32 libpam-google-authenticator-1.0/sha1.c
-rw-rw-r-- root/root 1387 2012-05-14
21:32 libpam-google-authenticator-1.0/base32.h
-rw-rw-r-- root/root 919 2012-05-14
21:32 libpam-google-authenticator-1.0/hmac.h
-rw-rw-r-- root/root 1189 2012-05-14
21:32 libpam-google-authenticator-1.0/sha1.h
-rw-rw-r-- root/root 9422 2012-05-14
21:32 libpam-google-authenticator-1.0/totp.html
-rw-rw-r-- root/root 4915 2012-05-14
21:32 libpam-google-authenticator-1.0/Makefile
-rw-rw-r-- root/root 2632 2012-05-14
21:32 libpam-google-authenticator-1.0/FILEFORMAT
-rw-rw-r-- root/root 4519 2012-05-14
21:32 libpam-google-authenticator-1.0/README
drwxrwxr-x root/root 0 2012-05-14
21:32 libpam-google-authenticator-1.0/utc-time/
-rw-rw-r-- root/root 125 2012-05-14
21:32 libpam-google-authenticator-1.0/utc-time/app.yaml
-rw-rw-r-- root/root 300 2012-05-14
21:32 libpam-google-authenticator-1.0/utc-time/utc-time.py
[root@localhost ~]# ls
libpam-google-authenticator-1.0 libpam-google-authenticator-1.0-source.tar.bz2 Templates
[root@localhost ~]# cd libpam-google-authenticator-1.0/
[root@localhost libpam-google-authenticator-1.0]# ls
base32.c hmac.c README
base32.h hmac.h sha1.c
demo.c Makefile sha1.h
FILEFORMAT
pam_google_authenticator.c
totp.html
google-authenticator.c
pam_google_authenticator_unittest.c
utc-time
[root@localhost libpam-google-authenticator-1.0]# make
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o
google-authenticator.o google-authenticator.c
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o base32.o
base32.c
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o hmac.o
hmac.c
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o sha1.o
sha1.c
gcc -g -o google-authenticator
google-authenticator.o base32.o hmac.o sha1.o
-ldl
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o
pam_google_authenticator.o pam_google_authenticator.c
gcc -shared -g -o pam_google_authenticator.so
pam_google_authenticator.o base32.o hmac.o sha1.o -lpam
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o demo.o
demo.c
demo.c: In function ‘pam_get_item’:
demo.c:88:36: warning: argument to ‘sizeof’ in ‘memcpy’ call is the same
expression as the source; did you mean to remove the addressof?
[-Wsizeof-pointer-memaccess]
memcpy(item, &service,
sizeof(&service));
^
demo.c:93:33: warning: argument to ‘sizeof’ in ‘memcpy’ call is the same
expression as the source; did you mean to remove the addressof?
[-Wsizeof-pointer-memaccess]
memcpy(item, &user,
sizeof(&user));
^
gcc -DDEMO --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o
pam_google_authenticator_demo.o pam_google_authenticator.c
gcc -g -rdynamic -o demo demo.o
pam_google_authenticator_demo.o base32.o hmac.o sha1.o -ldl
gcc -DTESTING --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden \
-o pam_google_authenticator_testing.o
pam_google_authenticator.c
gcc -shared -g -o
pam_google_authenticator_testing.so pam_google_authenticator_testing.o base32.o
hmac.o sha1.o -lpam
gcc --std=gnu99 -Wall -O2 -g -fPIC -c
-fvisibility=hidden -o
pam_google_authenticator_unittest.o pam_google_authenticator_unittest.c
pam_google_authenticator_unittest.c: In function ‘pam_get_item’:
pam_google_authenticator_unittest.c:76:36: warning: argument to ‘sizeof’ in
‘memcpy’ call is the same expression as the source; did you mean to remove the
addressof? [-Wsizeof-pointer-memaccess]
memcpy(item, &service,
sizeof(&service));
^
pam_google_authenticator_unittest.c:81:33: warning: argument to ‘sizeof’ in
‘memcpy’ call is the same expression as the source; did you mean to remove the
addressof? [-Wsizeof-pointer-memaccess]
memcpy(item, &user,
sizeof(&user));
^
gcc -g -rdynamic -o
pam_google_authenticator_unittest pam_google_authenticator_unittest.o base32.o
hmac.o sha1.o -lc -ldl
[root@localhost libpam-google-authenticator-1.0]# ls #make后生成一系列的.o、.so文件和可执行程序
base32.c
pam_google_authenticator_demo.o
base32.h
pam_google_authenticator.o
base32.o
pam_google_authenticator.so
demo pam_google_authenticator_testing.o
demo.c pam_google_authenticator_testing.so
demo.o
pam_google_authenticator_unittest
FILEFORMAT
pam_google_authenticator_unittest.c
google-authenticator
pam_google_authenticator_unittest.o
google-authenticator.c README
google-authenticator.o sha1.c
hmac.c sha1.h
hmac.h sha1.o
hmac.o
totp.html
Makefile utc-time
pam_google_authenticator.c
[root@localhost libpam-google-authenticator-1.0]# make install #安装软件
cp pam_google_authenticator.so /lib64/security
cp google-authenticator /usr/local/bin
[root@localhost libpam-google-authenticator-1.0]# vim /etc/pam.d/sshd #让ssh以支持我们的插件
auth required pam_google_authenticator.so #修改第二行为此;改动前先备份/etc/pam.d/sshd,并保留一个已登录的root会话用于回退。该行为required,尚未运行google-authenticator生成密钥文件的用户将无法通过这一步验证
[root@localhost libpam-google-authenticator-1.0]# vim /etc/ssh/sshd_config #修改ssh主配置文件
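ChallengeResponseAuthentication yes #将原来的no改为yes;同时确认 UsePAM yes。注意:公钥登录不经过PAM的auth栈,仅凭此配置,密钥登录不会被要求输入动态验证码;如需对公钥登录也强制两步验证,可在OpenSSH 6.2及以上版本中设置 AuthenticationMethods publickey,keyboard-interactive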
[root@localhost libpam-google-authenticator-1.0]# systemctl restart sshd.service #重启服务;重启前可先运行 sshd -t 检查配置语法,并在另一个终端确认新登录成功后再关闭当前会话
[root@localhost libpam-google-authenticator-1.0]# google-authenticator #安装完成后系统会有一个这样的命令以与手机绑定;需以要登录的用户身份运行,密钥保存在该用户自己的 ~/.google_authenticator 文件中(本例为root)
Do you want authentication tokens to be time-based (y/n) y
|0&cht=qr&chl=otpauth://totp/root@localhost%3Fsecret%3DMLZOXL5HIX6VYXAA
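此处会生成一个二维码,在此不做展示,大家可以到google play中下载扫码软件,扫码就可以与手机绑定,不需要输入下面的长长的字符,非常方便。上一行看起来是二维码图片链接的尾部(开头被截断),链接里直接带有密钥(secret=...):在浏览器中打开它会把密钥发送给生成图片的第三方服务,并留在浏览器历史中,因此更稳妥的做法是手动输入密钥;二维码和该链接都不要截图或公开。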
Your new secret key is: MLZOXL5HIX6VYXAA #手动绑定手机时需要输入的密钥(注意这是密钥,不是一次性验证码),重要,必须保密;本例中的密钥已随文章公开,只能作演示,切勿照抄使用
Your verification code is 792299
Your emergency scratch codes are: #手机丢失或不可用时用于登录的应急备用码(每个只能使用一次),应离线妥善保存,和密钥一样不能公开
62189051
67623626
11480665
11203060
49277372
Do you want me to update your "/root/.google_authenticator" file
(y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with
poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) n
If the computer that you are logging into isn't hardened against
brute-force
login attempts, you can enable rate-limiting for the authentication
module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y