Enabling Two-Factor Authentication

Passwords get stolen. Phishing, data breaches, someone looking over your shoulder - it happens. Two-Factor Authentication (2FA) means that even if someone has your password, they still can’t log in without your phone.

Client Area (cp.gozenhost.com) link

1. Log into the client area
2. Click your name (top right) → Security Settings
3. Under Two-Factor Authentication, click Enable
4. Open your authenticator app:
   • Google Authenticator (Android/iOS)
   • Authy (multi-device sync)
   • 1Password or Bitwarden (built-in TOTP)
5. Scan the QR code
6. Enter the 6-digit code to confirm
7. Save your backup code somewhere safe

cPanel link

1. Log into cPanel
2. Go to Security → Two-Factor Authentication
3. Scan the QR code with your authenticator app
4. Enter the 6-digit code
5. Click Configure Two-Factor Authentication

From now on, cPanel will ask for a code after your password on every login.

SSH (VPS / Cloud) link

For VPS servers, you can add 2FA to SSH logins using Google Authenticator PAM:

  sudo apt install libpam-google-authenticator -y
  

  sudo dnf install epel-release -y
sudo dnf install google-authenticator -y
  

Run the setup:

  google-authenticator
  

Answer the prompts:

Scan the QR code with your authenticator app and save the emergency scratch codes.

Configure PAM link

  sudo nano /etc/pam.d/sshd
  

Add this line at the top:

  auth required pam_google_authenticator.so
  

Configure SSHD link

  sudo nano /etc/ssh/sshd_config
  

Set:

  ChallengeResponseAuthentication yes
  

If you use SSH keys and want 2FA:

  AuthenticationMethods publickey,keyboard-interactive
  

Restart SSH:

  sudo systemctl restart sshd
  

Which Authenticator App? link

What to Do Next link

• First Boot: Initial Server Setup - secure your VPS alongside 2FA
• Connecting to Your Server via SSH - SSH key setup works alongside 2FA