Enabled 2fa (TOTP) on node A, now can't log into node B


Active Member
Jan 17, 2019
I have two nodes, A and B. I decided to try out two-factor authentication. I logged into node A, clicked the top-right menu in the web GUI, clicked "TFA", and set up a TOTP secret in my phone's 2FA app (scanned the QR code, verified it, etc.). I now am required to enter the 2FA code whenever I log into node A's web GUI, as expected.

I have now noticed that I can no longer log into node B's web GUI. When I try, I am prompted for a 2FA code. I have attempted to use the same code I am using for node A's log, but this does not work.

I have verified that the 2FA secret stored in /etc/pve/priv/tfa.cfg is identical on both boxes. I have also verified that both boxes are time-synchronized via NTP to the same NTP servers.

Is there some trick to getting 2FA working across boxes? I don't mind having separate secrets for each (though would prefer one just for convenience).

Let me know if there is any additional info I can post.


this sounds weird, to be sure I just retried and it works fine here on a three node cluster..

We check the current, the past and the future time window for TOTP codes, so it should cope with some difference..
If they got the wrong time NTP may need quite a bit to sync it up, as it doesn't wants to make big jumps, did you checked the actual times and compared them on the servers?


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!