
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick OTP: Difference between revisions

===OTP example===
You can use the OTP instead of a password, e.g.:
<syntaxhighlight lang="xml">
<user name="bob" otp="Bobs keyring" comment="OTP token"/>
</syntaxhighlight>
 
===Password and OTP example===
<syntaxhighlight lang="xml">
<user name="bob" otp="Bobs keyring" password="secret" comment="OTP token and password required"/>
</syntaxhighlight>
So, we may want a user that doesn't use the OTP, but is restricted to certain IPs that he can log in from, e.g. we can list the LAN IPs, and perhaps some known remote IPs too. This will also help in the event of the OTP device being lost!
We can then set a user that is not restricted by IP address, which means that you can log in to the FireBrick from anywhere as long as you use the OTP as well, so security is tighter as both a password and the OTP are required, e.g.:
<syntaxhighlight lang="xml">
<user name="bob" password="secret" access="192.0.2.0/28" comment="access with just a password from the LAN"/>
<user name="bob2" otp="Bobs keyring" password="secret" comment="Access from anywhere with OTP and password"/>
</syntaxhighlight>
These are the config lines that will make this work:
<syntaxhighlight lang="xml">
<user name="John" otp="Johns keyring" password="secret" level="guest" comment="A remote user for accessing the LAN"/>
<ip-group name="RemoteUsers" users="John" comment="List of users that will be allowed to access the LAN"/>
</syntaxhighlight>
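The user patterns above (password-only users limited by <code>access</code>, users allowed from anywhere requiring both OTP and password) can be checked mechanically. The following Python script is an added example, not part of the FireBrick documentation or software; the <code>config</code> wrapper element, the users "alice" and "carol", and the assumption that a missing <code>access</code> attribute means login from any IP are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: <user> lines in the style of this page, wrapped in a
# placeholder <config> root so the fragment parses as one document.
SAMPLE = """<config>
  <user name="bob" password="secret" access="192.0.2.0/28" comment="access with just a password from the LAN"/>
  <user name="bob2" otp="Bobs keyring" password="secret" comment="Access from anywhere with OTP and password"/>
  <user name="alice" password="secret" comment="constructed: password only, no IP restriction"/>
  <user name="carol" otp="Carols keyring" comment="constructed: OTP instead of a password"/>
</config>"""


def local_name(tag):
    """Strip an XML namespace prefix, since a real config may declare one on its root."""
    return tag.rsplit("}", 1)[-1]


def audit_users(config_xml):
    """Return {user name: [findings]} for users that deviate from the pattern on this page."""
    findings = {}
    for el in ET.fromstring(config_xml).iter():
        if local_name(el.tag) != "user":
            continue
        name = el.get("name", "(unnamed)")
        has_otp = bool(el.get("otp"))
        has_password = bool(el.get("password"))
        restricted = bool(el.get("access"))  # assumption: no access attribute = any source IP
        issues = []
        if not has_otp and not has_password:
            issues.append("no password or OTP set")
        elif not has_otp and not restricted:
            issues.append("password only and not restricted by IP")
        elif has_otp and not has_password and not restricted:
            issues.append("OTP is the only factor and login is allowed from anywhere")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_users(SAMPLE).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

Run it against an exported configuration by passing the file contents to <code>audit_users</code>; "bob" and "bob2" from the examples above produce no findings.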