First, make sure that the server time and the mobile time are the same.

root@ip-xx-xx-xx-xx:~# apt-get update
root@ip-xx-xx-xx-xx:~# apt-get upgrade
ubuntu@ip-xx-xx-xx-xx:~$ sudo apt-get install libpam-google-authenticator
ubuntu@ip-xx-xx-xx-xx:~$ sudo vi /etc/pam.d/sshd

At the start of the file, add the following line, then save and exit.

auth required pam_google_authenticator.so nullok

This means that users who have not run the Google Authenticator initialization won't be asked for a second authentication.

ubuntu@ip-xx-xx-xx-xx:~$ sudo vi /etc/ssh/sshd_config

PasswordAuthentication yes
ChallengeResponseAuthentication yes

Save and exit (:wq!).

ubuntu@ip-xx-xx-xx-xx:~$ google-authenticator

Do you want authentication tokens to be time-based (y/n) y

This will give a link like the one below; you can scan the QR code with the mobile.

https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/ubuntu@xx.xx.xx.xx

Do you want me to update your "/home/ubuntu/.google_authenticato...