# Two-factor authentication to the server via ssh

In this series of mini articles, we continue to describe how to deploy high-availability and secure Chainlink node. In this article we describe how to enable 2FA on the Guard VM server via ssh.

### Initial Setup

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*wo64rPK3q7NfA4meYKILrA.png" alt=""><figcaption></figcaption></figure>

Note: If you get “permission denied” when running the command, use vim and add.

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*Y7GOO4uOiAJaHeWQnnmTLw.png" alt=""><figcaption></figcaption></figure>

### **Setting up Google Authenticator**

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*Apoi8Lb0FtvtJwj4MUrlUg.png" alt=""><figcaption></figcaption></figure>

And answer according to the pattern:

* Make tokens “time-base”: yes
* Update the .google\_authenticator file: yes
* Disallow multiple uses: yes
* Increase the original generation time limit: no
* Enable rate-limiting: yes

With the received data (scan qr or secret key), create a new Google Authenticator account.

If you add it manually:

* Account: arbitrary name-service ID
* Key: Your new secret key

#### **Enable mandatory verification of Google Authenticator on the server**

<figure><img src="https://cdn-images-1.medium.com/max/1600/1*hFgtQ3RwuZuokcdPFS8J2A.png" alt=""><figcaption></figcaption></figure>

Now the server can only be accessed via ssh key and google authenticator code.

### **Sources:**

1. <https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview>
2. <https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.oraclelabs.link/blog/articles/two-factor-authentication-to-the-server-via-ssh.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.