# Use push on mobile for 2FA

### Use push messages for 2FA

RPort supports sending one-time tokens to mobile phones via [Pushover](https://pushover.net). Pushover is a very tiny and versatile app available for [Android](https://pushover.net/clients/android) and [IOS](https://pushover.net/clients/ios).

{% hint style="info" %}
By creating a custom script you can send the token via any delivery method. This enables you to use Telegram or other messengers too. [Learn more](https://oss.rport.io/docs/no15-messaging.html#script).
{% endhint %}

You can use the app free for 30 days and after that trial it costs \~€6,00. This is a one-time payment. Receiving messages is free.&#x20;

Install the app on your mobile and create your account. Or go to pushover and create your account there. **Each person** who wants to receive tokens on the mobile **need its own Pushover account**.

With a Pushover account, you are allowed to receive and to send messages. Only receiving is enabled by default. To set up the 2FA you need to enable sending too. This must be done only by one person, typically the main administrator of the RPort server.&#x20;

#### Create your account and generate a token

Go to <https://pushover.net> and log in to your account (top-right corner). The credentials are the same on the mobile and on the web.&#x20;

Scroll down to "Your Applications" and create a "new application/API Token". This enables sending messages.

![Enable message sending by creating an application](https://1574570054-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MekeI9EovpQqbUTQSdM%2F-MfqcLCt4QHHnF9Q7XUp%2F-MfrJNufzzupB_6jaCiK%2Fimage.png?alt=media\&token=536e96a2-0a58-46cc-8f1c-c9aeccb65f3a)

Enter RPort as the name of the application and confirm the terms. A token is displayed. This is your sender token.&#x20;

![Your token for sending messages](https://1574570054-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MekeI9EovpQqbUTQSdM%2F-MfqcLCt4QHHnF9Q7XUp%2F-MfrKLq5xni0OIZhXfJr%2Fimage.png?alt=media\&token=d6c84674-1579-4bc9-8f81-3ccb54978728)

You now have

1. a user key, that is for receiving messages
2. And an application API token, that is for sending messages.

#### Test your key and token

Log in to your rport server via SSH and execute the following test command. You should receive a push message almost instantly on your mobile.

```
API_TOKEN=<APPLICATION_API_TOKEN>
USER_KEY=<YOUR_PERSONAL_KEY>
curl -s \
  --form-string "token=${API_TOKEN}" \
  --form-string "user=${USER_KEY}" \
  --form-string "message=hello world" \
  --form-string "title=Just a test" \
  https://api.pushover.net/1/messages.json
```

If the test message was sent successfully, proceed to the next step. If not, double-check you are using the right key and token.

#### Activate 2FA on the rport server

Open the configuration file `/etc/rport/rportd.conf` with an editor. Scroll down to the where two-factor is configured, and add the following lines.

```
two_fa_token_delivery = 'pushover'
two_fa_token_ttl_seconds = 600
```

Scroll further down to the `[pushover]` section and enter your API token and one user key. Restart the rport server with `systemctl restart rportd`.

{% hint style="info" %}
The user key is only used to verify the pushover connection on server start. No messages will be sent to this user key. User keys for sending the one-time token are configured per user. Entering the key of one user is harmless because the key doesn't provide access to the user account or any other personal data.
{% endhint %}

If the server refuses to start, execute the following command to see what's going wrong.

```
su - rport -s /bin/bash -c "rportd -c /etc/rport/rportd.conf"
```

#### Update the database

If the server is running after you made the above changes – check with `systemctl status rportd` – enter at least one pushover user key to the database.

```
DB_FILE=/var/lib/rport/auth.db
USER_KEY=<YOUR_KEY>
cat <<EOF|sqlite3 $DB_FILE
UPDATE users SET two_fa_send_to="$USER_KEY" WHERE username="admin";
EOF
```

This will update the user key of the user `admin`. The keys of all other users can be updated via the web UI. Changing the database doesn't require a server restart.

Try to log in with your username and password. A message "Verify it's you" should appear, and your mobile should ring.

![Token sent to your mobile.](https://1574570054-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MekeI9EovpQqbUTQSdM%2F-MfqcLCt4QHHnF9Q7XUp%2F-MfrTfQMADhuxPXmV6nf%2Fimage.png?alt=media\&token=4cbf14e7-cc52-42a3-9d51-df16304579ec)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kb.rport.io/install-the-rport-server/enable-two-factor-authentication/use-push-on-mobile-for-2fa.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.