Two Factor Authentication
This guide will take you through everything related to the managment of Two Factor Authentication on your Linux servers. Each user will need to setup Two Factor Authentication on thier account if you have enabled Two Factor Authentication on the Server Group.
Info
If a user does not have Two Factor Authentication setup on their account, then they will not be able to login to any servers that have Two Factor Authentication enabled.
Setup Two Factor Authentication
- Click "Keys and Codes" on the menu and then "Two Factor Auth"
-
If you don't have Two Factor Authentication already setup then you will be prompted to create a new Two Factor Secret. Click "Create"
-
Follow the prompts on screen by clicking "Next" until you are presented with a large QR Code. At this point use your mobile phone and a Two Factor Authentication app to scan the QR code. Each application has a different process to complete this, so we won't detail that here, rather refer to your Two Factor Authentication app documentation
-
A list of Two Factor Authentication apps for Android and iPhone is available here
-
Once you have scanned the QR code you will be given a 6 digit code by the Two Factor Authentication app. Enter in the 6 digit code and click "Next"
-
If you have entered in the code correctly then you will be presented with the successful setup page which lists your Backup Codes. You can use these codes to login to any of the servers in an emergency or if you don't have access to your mobile phone. Store these backup codes in a secure place and do not share them.
-
Click "Finish" to complete the process. Your account is now setup for Two Factor Authentication when connecting to servers that have Two Factor Authentication enabled.
Re-setup Phone
If you have permanently lost your mobile phone or your previous Two Factor Authentication setup then you can re-setup your phone to get Two Factor Authentication working again.
- Click "Keys and Codes" on the menu and then "Two Factor Auth"
- Click the large "Re-setup Phone" button.
-
Follow the prompts and complete the process as detailed in the Setup Two Factor Authentication section
Backup Codes
If you have temporarily lost access to your Two Factor Authentication app on your mobile phone then you can make use of Backup Codes.
- Click "Keys and Codes" on the menu and then "Two Factor Auth"
- Click the large "Backup Codes" button.
-
Enter in a backup code on the SSH login screen when prompted for a 6 digit code.
Note
Backup codes are 8 digits instead of 6 digits but will work on the SSH login screen.
Warning
Once you have used a backup code to login to a server then you cannot use that backup code again on the same server. Once you have used all of the backup codes you will then need to re-setup your phone as per the above "Re-Setup Phone" instructions.
Disable Two Factor Authentication
If you are concerend that your Two Factor Authentication secret has been compromised, or you no longer wish to use Two Factor Authentication, then simply disable it as follows:
Warning
If you do not have Two Factor Authentication setup on your account, then you will not be able to login to any servers that have Two Factor Authentication enabled.