{"id":3480,"date":"2023-11-15T17:53:27","date_gmt":"2023-11-15T09:53:27","guid":{"rendered":"https:\/\/www.servergigabit.com\/guide\/?post_type=kb&p=3480"},"modified":"2025-12-29T11:35:06","modified_gmt":"2025-12-29T03:35:06","slug":"how-to-activate-2fa-totp-on-a-vps","status":"publish","type":"kb","link":"https:\/\/www.servergigabit.com\/guide\/kb\/how-to-activate-2fa-totp-on-a-vps","title":{"rendered":"How to Activate 2FA\/TOTP on a VPS?"},"content":{"rendered":"

\"2FA\/TOTP\"<\/p>\n

You can enable 2FA\/TOTP on a VPS by following the instructions in this guide. Let’s address the “what” and “why” first in order to lay the groundwork for a more secure and resilient virtual environment before getting into the “how.”<\/p>\n

<\/span>What Is 2FA\/TOTP?<\/strong><\/h2>\n

Two-factor authentication (2FA)<\/strong> is a security procedure that goes above and beyond password verification. It usually involves two things: something you possess (like a mobile device) and something you know (like a password).<\/p>\n

Time-based One-Time Passwords (TOTP)<\/strong> symbolize a particular type of 2FA in which a unique password is created on a regular basis, typically every 30 seconds, adding a fluid and time-sensitive component to the authentication procedure.<\/p>\n

<\/span>Why Do You Use 2FA\/TOTP On Your VPS?<\/strong><\/h2>\n

There are many possible risks in the digital world, and VPS servers are no different. On your VPS, turning on 2FA\/TOTP greatly improves the security posture of your server. By themselves, passwords are vulnerable to phishing and brute force attacks. You can strengthen your defenses against unauthorized access and lower the likelihood of data breaches and possible compromises by adding an additional layer of authentication.<\/p>\n

<\/span>Prerequisites<\/strong><\/h2>\n

Make sure you have the following setup requirements before attempting to enable Two-Factor Authentication (2FA) with Time-based One-Time Passwords (TOTP) on your Virtual Private Server (VPS).<\/p>\n

<\/span>1. VPS Access<\/strong><\/h3>\n

You need administrative access to your VPS and an SSH connection to your server in order to put security measures in place. Make sure you possess the authorization and rights required to modify configurations. If you are not the administrator, work with the individual or group in charge of managing the VPS.<\/p>\n

Not sure if you are the root \u2013 or what a \u201croot\u201d is? No problem! We got you covered with \u201cA Practical Guide to Superuser Accounts, sudo & root<\/a>\u201d.<\/p>\n

<\/span>2. PuTTY \u2013 A Reliable SSH Client<\/strong><\/h3>\n

A key protocol for securely accessing and managing your virtual private server (VPS) is Secure Shell (SSH). You can download PuTTY<\/a>, a popular and trustworthy SSH client for Windows.It is important to ensure that your alternate SSH client is setup and prepared to establish a connection with your virtual private server (VPS).<\/p>\n

<\/span>Setting Up SSH Key Authentication<\/strong><\/h2>\n

Secure your Virtual Private Server (VPS) by configuring SSH Key Authentication first. Please see our current guide on “How to Use SSH Keys with Your Server”<\/a> for a comprehensive walkthrough on configuring SSH Key Authentication.After setting up SSH Key Authentication, come back here to proceed with configuring Two-Factor Authentication (2FA) on your VPS using Time-based One-Time Passwords (TOTP).<\/p>\n

<\/span>Installing and Configuring TOTP on Your VPS<\/strong><\/h2>\n

After implementing SSH Key Authentication, we can move forward with setting up and installing Time-based One-Time Passwords (TOTP) to enhance security on your VPS.<\/p>\n

<\/span>Installing Required Packages to Enable TOTP<\/strong><\/h3>\n

Installing the required packages to enable TOTP should come first. Depending on the operating system of your VPS, the precise commands might change. For instructions, consult the package manager documentation for your system.<\/p>\n

Example commands for a Debian-based system:\u00a0<\/strong><\/p>\n

sudo apt-get update<\/code><\/pre>\n
sudo apt-get install libpam-google-authenticator<\/code><\/pre>\n
<\/span>Configuring TOTP for SSH<\/strong><\/h3>\n
Once the required packages are installed, configure TOTP for SSH.<\/p>\n
Edit the SSH daemon configuration file, usually located at `\/etc\/ssh\/sshd_config`.<\/em><\/p>\n
Ensure the following lines are present:\u00a0<\/strong><\/p>\n
ChallengeResponseAuthentication yes\r\nAuthenticationMethods publickey,keyboard-interactive<\/code><\/pre>\n
Save the changes and restart the SSH service:\u00a0<\/strong><\/p>\n
sudo service ssh restart<\/code><\/pre>\n
<\/span>Securing Your SSH Configuration<\/strong><\/h3>\n
To enhance security, disable password authentication for SSH.<\/p>\n
Open the SSH configuration file again and set:\u00a0<\/strong><\/p>\n
PasswordAuthentication no<\/code><\/pre>\n
Restart the SSH service to apply the changes.\u00a0<\/strong><\/p>\n
sudo service ssh restart<\/code><\/pre>\n
<\/span>Setting Up TOTP on Your Mobile Device<\/strong><\/h2>\n
Now, let us configure the Time-based One-Time Passwords (TOTP) on your mobile device. This step ensures a seamless and secure authentication process for accessing your Virtual Private Server (VPS).<\/p>\n
<\/span>Installing a TOTP Authenticator App<\/strong><\/h3>\n
Begin by installing a TOTP Authenticator app on your mobile device. Google Authenticator is a popular choice, but alternatives like\u00a0Authy<\/a>\u00a0or\u00a0Microsoft Authenticator<\/a>\u00a0work just as well. Visit your device\u2019s app store:<\/p>\n
\u00a0Apps for Android:\u00a0<\/strong><\/p>\n