Only using a password for ssh might make your server a target for ssh brute force password cracking. Adding two factor authentication for ssh on your Ubuntu server makes this a lot harder for potential hackers.
Google provides a tool called Google Authenticator, which is available for both Android and iOS. This tool acts as a code generator for the two factor authentication.
Every time you login via ssh, the server will prompt you for a code which you read from Google Authenticator.
In order to install Google Authenticator execute:
$ sudo apt-get install libpam-google-authenticator
You might get the message:
E: Couldn't find package libpam-google-authenticator
If so you need to install Google Authenticator manually:
first create a temp folder:
$ mkdir ~/tmp
Goto the folder:
$ cd ~/tmp
Download the source from http://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2:
$ wget http://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2
Extract the source:
$ tar -jxvf libpam-google-authenticator-1.0-source.tar.bz2
Goto the extracted source folder:
$ cd libpam-google-authenticator-1.0
Build the sourcecode:
$ sudo make
Your build might fail because of a missing pam library. If so, install the library:
$ sudo apt-get install libpam0g-dev
Try to build the sourcecode again:
$ sudo make
Install the binary:
$ sudo make install
Run Google Authenticator as your user (NOT AS ROOT):
Follow the on screen instructions and note the key, verification codes and emergency keycodes.
Install Google Authenticator to your smartphone and create a new account using your key.
Open your pam.d config:
$ sudo nano /etc/pam.d/sshd
auth required pam_google_authenticator.so
Open your sshd_config and set ChallengeResponseAuthentication from no to yes:
Restart your sshd:
$ sudo service ssh restart
You should now be prompted for a verification code once you try to login with ssh.