From e1cb3f5f2e1f2155a3ec65b1251d554a0e806974 Mon Sep 17 00:00:00 2001
From: Joey Hafner <jafner425@gmail.com>
Date: Tue, 13 Feb 2024 10:49:23 -0800
Subject: [PATCH] Document removal of 2FA for SSH

---
 docs/Security.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/Security.md b/docs/Security.md
index 9366ab3..45d011c 100644
--- a/docs/Security.md
+++ b/docs/Security.md
@@ -113,6 +113,12 @@ Note: SSH root login will be disabled implicitly by requiring pubkey authenticat
 
 https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
 
+### Disabling 2FA
+Some use cases (such as programmatic access) demand 2FA be disabled. 
+Some day we'll figure out how to allow specific keys to bypass the 2FA requirement. But until then,
+
+Edit the file `/etc/ssh/sshd_config` as root. Set `UsePAM` from `yes` to `no`. 
+
 ### SSH Key Management
 The process for managing SSH keys should work as follows: