Digi Connect IT 4 User Manual page 675

User authentication
(config auth user new_user)> del group 1
(config auth user new_user)>
8. (Optional) Add SSH keys for the user to use passwordless SSH login:
a. Change to the user's ssh_key node:
(config auth user new_user)> ssh_key
(config auth user new_user ssh_key)>
b. Add the key by using the ssh_key command and pasting or typing a public encryption key
that this user can use for passwordless SSH login:
(config auth user new_user ssh_key)> ssh_key key
(config auth user new_user ssh_key)>
9. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login:
a. Change to the user's two-factor authentication node:
(config auth user new_user)> 2fa
(config auth user new_user 2fa)>
b. Enable two-factor authentication for this user:
(config auth user new_user 2fa)> enable true
(config auth user new_user 2fa)>
c. Configure the verification type. Allowed values are:
- totp: Time-based One-Time Password (TOTP) authentication uses the current time
to generate a one-time password.
- hotp: HMAC-based One-Time Password (HOTP) uses a counter to validate a
one-time password.
The default value is totp.
(config auth user new_user 2fa)> type totp
(config auth user new_user 2fa)>
d. Add a secret key:
(config auth user new_user 2fa)> secret key
(config auth user new_user 2fa)>
This key should be used by an application or mobile device to generate passcodes.
e. For time-based verification only, enable disallow_reuse to prevent a code from being used
more than once during the time that it is valid.
(config auth user new_user 2fa)> disallow_reuse true
(config auth user new_user 2fa)>
f. For time-based verification only, configure the code refresh interval. This is the amount of
time that a code will remain valid.
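What the type, disallow_reuse and refresh interval settings mean on the verifying side, as an added example that is not part of the Digi manual or firmware: a minimal HOTP (RFC 4226) and TOTP (RFC 6238) verifier with replay rejection. HMAC-SHA1, 6-digit codes, a 30-second interval, a raw-bytes secret and the TotpVerifier class are assumptions of this sketch; the page does not state the device's own values or secret encoding.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, interval: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is the number of elapsed refresh intervals."""
    return hotp(secret, int(now) // interval, digits)


class TotpVerifier:
    """Hypothetical verifier: checks a code and can refuse reuse of a time step."""

    def __init__(self, secret: bytes, interval: int = 30, disallow_reuse: bool = True):
        self.secret = secret
        self.interval = interval          # assumed refresh interval, in seconds
        self.disallow_reuse = disallow_reuse
        self.last_step = -1               # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        step = int(now) // self.interval
        expected = hotp(self.secret, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        if self.disallow_reuse and step <= self.last_step:
            return False                  # same code replayed inside its validity window
        self.last_step = step
        return True


# Constructed sample: the published RFC 4226 / RFC 6238 test secret, not a real credential.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    strict = TotpVerifier(SECRET, disallow_reuse=True)
    code = totp(SECRET, now=59)
    print(code, strict.verify(code, now=59), strict.verify(code, now=45))
```

With reuse disallowed, a code observed during login cannot be replayed for the remainder of its interval; a longer interval widens that window when reuse is allowed.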