Enable TOTP on your Proxmox
Create your TOTP
Log in to your PVE web UI and click Datacenter > Permissions > Two Factor.
Add your first TOTP
Click Add and the QR code window pops up. Enter a description, then scan the QR code with an authenticator app on your phone, e.g. Google Authenticator. After scanning, enter the verification code shown by the app.
Now you can log out and log in again; the login will request your TOTP code.
Setup on SSH
We have just set up 2FA for the web UI login. Now set up TOTP authentication for SSH as well.
- Install Google Authenticator on the PVE host
- Debian/Ubuntu:
sudo apt-get install libpam-google-authenticator
- RHEL/CentOS:
sudo yum install google-authenticator
- Configure Google Authenticator and synchronize it with your mobile phone
google-authenticator
You will then be asked several questions. It is suggested to answer “yes” to all of them.
Open Google Authenticator. When the application starts, choose the ‘Enter provided key’ option and enter your secret key there.
Enable two-factor authentication for SSH protocol
- Edit the /etc/pam.d/sshd file and paste the auth line below the common-auth section:
@include common-auth
auth required pam_google_authenticator.so
- Open /etc/ssh/sshd_config and set:
ChallengeResponseAuthentication yes
PasswordAuthentication no
- Restart SSH service
service sshd restart
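Before the restart step, the two edited files can be checked so that a misplaced PAM line or an earlier conflicting sshd_config line does not lock you out. The script below is an added example, not part of the original post; the function names `check_ssh_totp` and `sshd_value` and the sample files are constructed for illustration, and treating `KbdInteractiveAuthentication` as the same option is an addition based on newer OpenSSH releases.

```bash
#!/usr/bin/env bash
# Added example: audit the two files edited above before restarting sshd.

# Print the first value set for any of the given sshd_config keywords
# (sshd uses the first value it reads; keywords are case-insensitive).
# Simplification: Match blocks and Include files are not followed.
sshd_value() {
    local file="$1"; shift
    awk -v keys="$*" '
        BEGIN { n = split(tolower(keys), k, " ") }
        { for (i = 1; i <= n; i++)
              if (tolower($1) == k[i]) { print tolower($2); exit } }
    ' "$file"
}

# Return 0 only if both files carry the settings from this page.
check_ssh_totp() {
    local pam="$1" sshd="$2" rc=0 inc mod kbd pw
    # Line numbers of the first uncommented matches in the PAM file.
    inc=$(grep -nE '^[[:space:]]*@include[[:space:]]+common-auth' "$pam" | head -n1 | cut -d: -f1)
    mod=$(grep -nE '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$pam" | head -n1 | cut -d: -f1)
    if [ -z "$mod" ]; then
        echo "FAIL: no 'auth required pam_google_authenticator.so' in $pam"; rc=1
    elif [ -z "$inc" ] || [ "$mod" -lt "$inc" ]; then
        echo "FAIL: TOTP line is not below '@include common-auth'"; rc=1
    fi
    # Newer OpenSSH treats ChallengeResponseAuthentication as an alias of
    # KbdInteractiveAuthentication, so whichever appears first decides.
    kbd=$(sshd_value "$sshd" ChallengeResponseAuthentication KbdInteractiveAuthentication)
    pw=$(sshd_value "$sshd" PasswordAuthentication)
    [ "$kbd" = yes ] || { echo "FAIL: challenge-response is '${kbd:-unset}', want yes"; rc=1; }
    [ "$pw" = no ]   || { echo "FAIL: PasswordAuthentication is '${pw:-unset}', want no"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '@include common-auth' 'auth required pam_google_authenticator.so' > "$demo/pam_ok"
printf '%s\n' 'ChallengeResponseAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_ok"
# Pitfall: an earlier "no" wins over the "yes" appended further down.
printf '%s\n' 'KbdInteractiveAuthentication no' 'ChallengeResponseAuthentication yes' \
    'PasswordAuthentication no' > "$demo/sshd_shadowed"

check_ssh_totp "$demo/pam_ok" "$demo/sshd_ok" && echo "ok: settings present"
check_ssh_totp "$demo/pam_ok" "$demo/sshd_shadowed" || echo "shadowed config rejected"
```

On the host itself, call `check_ssh_totp /etc/pam.d/sshd /etc/ssh/sshd_config`, and `sshd -t` validates the syntax of the real configuration. Keep an existing SSH session open until a new login succeeds with the verification code.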
This post is licensed under CC BY 4.0 by the author.