# 4.3.5.1 SSH access

### 2FA SSH Access

Now that your servers are provisioned you can SSH in using either the IP address or the domain, plus your username as it is configured in inventory files. The first time you do so you will be required to set up 2FA for your server administrators.

<figure><img src="/files/gaROckYTNidduyPHlGzq" alt=""><figcaption></figcaption></figure>

You must have the Google Authenticator app on your mobile phone. You can download this from the Google Play Store or Apple App Store.

Scan the QR code to add the server as an option in Google Authenticator, then enter the 6-digit 2FA code that is generated to access the server.

For all the initial set-up questions that are asked, accept defaults by typing "y"

<figure><img src="/files/VB5LtK41HIXPLVYVKsOj" alt=""><figcaption><p>QR Code for Google Authenticator</p></figcaption></figure>

<figure><img src="/files/4W7lhrAAlaReKXHwTCNd" alt=""><figcaption><p>Accept defaults</p></figcaption></figure>

You will also notice that root SSH access is now disabled as a security posture.

<figure><img src="/files/M11MThuk96g5MAglzaRV" alt=""><figcaption></figcaption></figure>

### Removing SSH Access for a user

If a server administrator needs to be removed from having SSH access to a server, these are the steps you need to take:

1. In the inventory file for the server, find the user block for the user you wish to remove and set the value **state** to **absent**:

<figure><img src="/files/mBNlkNQtyPnoauKBeUek" alt=""><figcaption></figcaption></figure>

```
state: absent
```

2. Commit the updated inventory file to Git
3. Run the Provision action for the environment with just the "**users**" task selected. It is quicker and less intensive than selecting "all"

<figure><img src="/files/Yn64d79WcDqcqavxpIpd" alt=""><figcaption><p>Running the users task updates all users on the server. If a user is marked as absent, they will be deactivated</p></figcaption></figure>

4. Now the user will no longer have SSH access to the server
5. You can delete their block entirely from inventory files and commit the file to Git if you wish.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.opencrvs.org/v1.8/setup/3.-installation/3.3-set-up-a-server-hosted-environment/4.3.5-provisioning-servers/4.3.5.1-ssh-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.