Table of Contents
Advertisement
User authentication
Note
Every user must be configured with at least one group. You can add multiple groups to a
user by clicking Add again and selecting the next group.
9. (Optional) Add SSH keys for the user to use passwordless SSH login:
a. Click SSH keys.
b. In Add SSH key, paste or type a public encryption key that this user can use for
passwordless SSH login and click .
10. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login:
a. Click Two-factor authentication.
b. Check Enable to enable two-factor authentication for this user.
c. Select the Verification type:
n
n
d. Generate a Secret key:
i. Click ... next to the field label and select Generate secret key.
ii. Copy the secret key for use with an application or mobile device to generate
passcodes.
e. For time-based verification only, select Disallow code reuse to prevent a code from being
used more than once during the time that it is valid.
f. For time-based verification only, in Code refresh interval, type the amount of time that a
code will remain valid.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}. For example, to set Code refresh interval to ten minutes,
enter 10m or 600s.
g. In Valid code window size, type the allowed number of concurrently valid codes. In cases
where TOTP is being used, increasing the Valid code window size may be necessary when
the clocks used by the server and client are not synchronized.
h. For Login limit, type the number of times that the user is allowed to attempt to log in
during the Login limit period. Set Login limit to 0 to allow an unlimited number of login
attempts during the Login limit period.
i. For Login limit period, type the amount of time that the user is allowed to attempt to log
in.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}. For example, to set Login limit period to ten minutes, enter
10m or 600s.
j. Scratch codes are emergency codes that may be used once, at any time. To add a scratch
code:
IX10 User Guide
Time-based (TOTP): Time-based One-Time Password (TOTP) authentication uses
the current time to generate a one-time password.
Counter-based (HOTP): HMAC-based One-Time Password (HOTP) uses a counter to
validate a one-time password.
Local users
698
Advertisement
Table of Contents
