Table of Contents
Advertisement
User authentication
b. Type the following:
(config auth user new_user)> del group n
(config auth user new_user)>
Where n is index number of the authentication method to be deleted. For example, to
delete the serial group as displayed by the example show command, above:
(config auth user new_user)> del group 1
(config auth user new_user)>
7. (Optional) Add SSH keys for the user to use passwordless SSH login:
a. Change to the user's ssh_key node:
(config auth user new_user)> ssh_key
(config auth user new_user ssh_key)>
b. Add the key by using the ssh_key command and pasting or typing a public encryption key
that this user can use for passwordless SSH login:
(config auth user new_user ssh_key)> ssh_key key
(config auth user new_user ssh_key)>
8. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login:
a. Change to the user's two-factor authentication node:
(config auth user new_user)> 2fa
(config auth user new_user 2fa)>
b. Enable two-factor authentication for this user:
(config auth user new_user 2fa)> enable true
(config auth user new_user 2fa)>
c. Configure the verification type. Allowed values are:
n
n
The default value is totp.
(config auth user new_user 2fa)> type totp
(config auth user new_user 2fa)>
d. Add a secret key:
(config auth user new_user 2fa)> secret key
(config auth user new_user 2fa)>
This key should be used by an application or mobile device to generate passcodes.
e. For time-based verification only, enable disallow_reuse to prevent a code from being
used more than once during the time that it is valid.
IX20 User Guide
totp: Time-based One-Time Password (TOTP) authentication uses the current time
to generate a one-time password.
hotp: HMAC-based One-Time Password (HOTP) uses a counter to validate a one-
time password.
Local users
603
Advertisement
Table of Contents
