# Two-factor authentication to the server via ssh

In this series of mini articles, we continue to describe how to deploy high-availability and secure Chainlink node. In this article we describe how to enable 2FA on the Guard VM server via ssh.

### Initial Setup

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*wo64rPK3q7NfA4meYKILrA.png" alt=""><figcaption></figcaption></figure>

Note: If you get “permission denied” when running the command, use vim and add.

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*Y7GOO4uOiAJaHeWQnnmTLw.png" alt=""><figcaption></figcaption></figure>

### **Setting up Google Authenticator**

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*Apoi8Lb0FtvtJwj4MUrlUg.png" alt=""><figcaption></figcaption></figure>

And answer according to the pattern:

* Make tokens “time-base”: yes
* Update the .google\_authenticator file: yes
* Disallow multiple uses: yes
* Increase the original generation time limit: no
* Enable rate-limiting: yes

With the received data (scan qr or secret key), create a new Google Authenticator account.

If you add it manually:

* Account: arbitrary name-service ID
* Key: Your new secret key

#### **Enable mandatory verification of Google Authenticator on the server**

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*hFgtQ3RwuZuokcdPFS8J2A.png" alt=""><figcaption></figcaption></figure>

Now the server can only be accessed via ssh key and google authenticator code.

### **Sources:**

1. <https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview>
2. <https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04>