Table of Contents
Advertisement
User authentication
b. Add the key by using the ssh_key command and pasting or typing a public encryption key
that this user can use for passwordless SSH login:
(config auth user new_user ssh_key)> ssh_key key
(config auth user new_user ssh_key)>
9. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login:
a. Change to the user's two-factor authentication node:
(config auth user new_user)> 2fa
(config auth user new_user 2fa)>
b. Enable two-factor authentication for this user:
(config auth user new_user 2fa)> enable true
(config auth user new_user 2fa)>
c. Configure the verification type. Allowed values are:
n
n
The default value is totp.
(config auth user new_user 2fa)> type totp
(config auth user new_user 2fa)>
d. Add a secret key:
(config auth user new_user 2fa)> secret key
(config auth user new_user 2fa)>
This key should be used by an application or mobile device to generate passcodes.
e. For time-based verification only, enable disallow_reuse to prevent a code from being
used more than once during the time that it is valid.
(config auth user new_user 2fa)> disallow_reuse true
(config auth user new_user 2fa)>
f. For time-based verification only, configure the code refresh interval. This is the amount of
time that a code will remain valid.
(config auth user new_user 2fa)> refresh_interval value
(config auth user new_user 2fa)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set refresh_interval to ten minutes, enter either 10m or 600s:
(config auth user name 2fa)> refresh_interval 600s
(config auth user name 2fa)>
Digi Connect EZ Mini User Guide
totp: Time-based One-Time Password (TOTP) authentication uses the current time
to generate a one-time password.
hotp: HMAC-based One-Time Password (HOTP) uses a counter to validate a one-
time password.
Local users
433
Advertisement
Table of Contents
