Two-factor authentication to the server via ssh

In this series of mini articles, we continue to describe how to deploy high-availability and secure Chainlink node. In this article we describe how to enable 2FA on the Guard VM server via ssh.

Initial Setup

Note: If you get “permission denied” when running the command, use vim and add.

Setting up Google Authenticator

And answer according to the pattern:

• Make tokens “time-base”: yes

• Update the .google_authenticator file: yes

• Disallow multiple uses: yes

• Increase the original generation time limit: no

• Enable rate-limiting: yes

With the received data (scan qr or secret key), create a new Google Authenticator account.

If you add it manually:

• Account: arbitrary name-service ID

• Key: Your new secret key

Enable mandatory verification of Google Authenticator on the server

Now the server can only be accessed via ssh key and google authenticator code.

Sources:

1. https://ubuntu.com/tutorials/configure-ssh-2fa#1-overview

2. https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04