Requirements: CoreSSH Server, KeePassXC

Introduction

This guide walks through configuring KeePassXC as the 2FA app for a CoreSSH Server user account. Before starting, make sure 2FA is enabled for the user. See Getting Started with 2FA for instructions.

You will also need an existing KeePassXC database. If you do not have one yet, see the KeePassXC Getting Started Guide for instructions on creating a new database.

Add the TOTP secret in KeePassXC

Open your KeePassXC database and select the entry for your CoreSSH Server account. If one does not exist, create a new entry first.

Right-click the entry and select TOTP then Set up TOTP... from the context menu.

Enter the secret key

Copy the secret key displayed in the CoreSSH Server admin console and paste it into the Secret Key field in the KeePassXC desktop application. Leave the default settings (6 digits, 30 seconds) and click OK.

Verify the setup

Right-click the entry and select TOTP then Show TOTP to view the current six-digit code. The code refreshes every 30 seconds.

To confirm the setup is working, connect to CoreSSH Server using an SFTP client. After entering your password, CoreSSH Server will prompt for a one-time passcode. Enter the code shown in KeePassXC.