FireBrick OTP
What is OTP/OATH
OTP = One Time Password
Uses on a FireBrick
- More secure admin login to the FireBrick - user needs a password and the OTP
- Users can log in to the FireBrick to open up the firewall from their IP, as a 2 stage login process to your LAN
- Have normal users with passwords for access to the FB from known IPs, but allow an OTP user to login to the FireBrick from any IP address.
OTP Devices
Keyring type
Apps
There free apps available for iPhone, Nokia, Android etc.
iPhone OATH info about the OATH Token App
Configuring the FireBrick
Setting up the OTP
Once you have your OTP device, then on the FireBrick click on Config and then Configure OATH/OTP The fields on this form are:
- Serial Number - the name you want to give to this OTP - you can use the serial number on the OTP, or simply a name, eg Andrews iPhone, up to you.
- Key - this is the HEX key that will be given to you from the OTP device.
- Digits - how many digits the OTP device gives you.
- Interval - the time in seconds that the OTP changes, or set to Event based.
- Validate - these are the 3 sequential values from the device - ie, enter in the current value, wait for it to update, enter in the new value, and then the same for the third value.
Click update, and should be set.
Configuring OTP devices against FireBrick Users
OTP example
You can use the OTP instead of a password, eg:
<user name="bob" timeout="PT1H" otp="Bobs keyring" comment="OTP token"/>
=Password and OTP example
<user name="bob" timeout="PT1H" otp="Bobs keyring" comment="OTP token" password="secret"/>
With this, bob will need to log in to the FireBrick using the password of <opt><password> - is the opt value followed by his password.