
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick OTP: Difference between revisions

clean up, typos fixed: Event based → Event-based (2), 2 stage → 2-stage
(lang="xml")
 
(2 intermediate revisions by one other user not shown)
=Uses on a FireBrick=
*More secure admin login to the FireBrick - user needs a password and the OTP
*Users can log in to the FireBrick to open up the firewall from their IP, as a 2-stage login process to your LAN
*Have normal users with passwords for access to the FB from known IPs, but allow an OTP user to log in to the FireBrick from any IP address.
 
There are free apps available for iPhone, Nokia, Android etc.
(These listed apps are a little old now, there may be better ones available...)
*[https://itunes.apple.com/us/app/authenticator/id766157276?mt=8 Authenticator] is a free iPhone app (verified working with FireBrick 20 December 2016)
*[http://itunes.apple.com/us/app/oath-token/id364017137?mt=8 OATH Token] is a free iPhone app - (there are others too)
*[http://www.ds3global.com/index.php?option=com_content&task=view&id=71 DS3 OATHDSSS] is an event-based OATH token for J2ME capable phones
 
=== Configuring the app ===
 
Your app's config needs to match that of the FireBrick for:
*Secret - this is usually the base32 encoding of the HEX key which you enter into your FireBrick. (You could use [http://tomeko.net/online_tools/hex_to_base32.php?lang=en this] to do the conversion for you.)
*Digits - how many digits you want to use
*Interval - the time in seconds that the OTP changes, or set to Event-based.
 
You can also use something like [http://dan.hersam.com/tools/gen-qr-code.html this] to generate a QR code for your app to scan. Use the following settings:
*Label: something which identifies the token (e.g. "Office FireBrick")
*User: it does not matter, but it might be sensible to set it to the Serial Number you are giving the OTP in the FireBrick config, or the FireBrick user to which you will attach the token
*Key: the base32 encoding of the HEX key which you enter into your FireBrick
*URL: a URL of the form: otpauth://totp/Example:[user]?secret=[base32 of hex secret]&issuer=[Label]
 
= Configuring the FireBrick =
*Key - this is the HEX key that will be given to you from the OTP device.
*Digits - how many digits the OTP device gives you.
*Interval - the time in seconds that the OTP changes, or set to Event-based.
*Validate - these are the 3 sequential values from the device - i.e., enter in the current value, wait for it to update, enter in the new value, and then the same for the third value.
Click update, and it should be set.
<syntaxhighlight lang="xml">
<user name="bob2" otp="Bobs keyring" password="secret" comment="Access from anywhere with OTP and password"/>
</syntaxhighlight>
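
An added example (not part of the original page and not FireBrick code): doing the HEX-to-base32 conversion and building the otpauth URL locally, so the key is not pasted into a third-party web page, and computing three consecutive codes to compare against what the app shows for the Validate field. It covers time-based tokens only and assumes standard RFC 6238 TOTP with HMAC-SHA1; the key is the RFC 6238 test key, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# Constructed sample key: the RFC 6238 test secret, not a real FireBrick key.
HEX_KEY = "3132333435363738393031323334353637383930"


def hex_to_base32(hex_key: str) -> str:
    """Convert the HEX key entered on the FireBrick to the base32 form apps expect."""
    raw = bytes.fromhex(hex_key.replace(" ", ""))
    # Padding is stripped; a 20-byte key encodes to 32 characters with none anyway.
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def otpauth_url(hex_key: str, user: str, label: str,
                digits: int = 6, interval: int = 30) -> str:
    """Build the otpauth:// URL to turn into a QR code (time-based token)."""
    params = urlencode({"secret": hex_to_base32(hex_key), "issuer": label,
                        "digits": digits, "period": interval}, quote_via=quote)
    return f"otpauth://totp/{quote(label)}:{quote(user)}?{params}"


def totp(hex_key: str, when: int, digits: int = 6, interval: int = 30) -> str:
    """RFC 6238 code for Unix time `when` (HMAC-SHA1 is an assumption here)."""
    counter = struct.pack(">Q", when // interval)
    mac = hmac.new(bytes.fromhex(hex_key), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def validate_values(hex_key: str, when: int,
                    digits: int = 6, interval: int = 30) -> list:
    """The three sequential codes starting at Unix time `when`."""
    return [totp(hex_key, when + i * interval, digits, interval) for i in range(3)]


if __name__ == "__main__":
    import time
    print(otpauth_url(HEX_KEY, "bob2", "Office FireBrick"))
    print(validate_values(HEX_KEY, int(time.time())))
```

If the three values differ from what the app displays, check that Digits and Interval match on both sides and that the phone's clock is correct.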
 
== Logging in to the FireBrick using OTP ==
 
When you have a user configured, log out and try to log back in again.
 
In the "Username" field, put in your username as usual.
 
In the "Password" field, put in your OTP code followed (with no space in between) by your password.
 
== Using FireBrick login to access your LAN ==