-
-
Notifications
You must be signed in to change notification settings - Fork 115
OTP (2 factor authentication)
Eugeny edited this page Apr 20, 2022
·
5 revisions
OTP is available in 0.2+ (currently nightly builds only)
Run warpgate generate-otp
to generate a fresh TOTP secret key:
$ warpgate generate-otp
<qr code>
20:30:04 INFO Setup URL: otpauth://totp/test?secret=D6T5ZGHZERBVO63D7JBZM4NPOSLB5SOPWF4SNQ4LTWFYEOK72WYA&issuer=Warpgate&digits=6&algorithm=SHA1
20:30:04 INFO Config file snippet:
- type: otp
key: H6fcmPkkQ1d7Y/pDlnGvdJYeyc+xeSbDi52Lgjlf1bA=
The QR code shown and the URL can both be used to directly set up a mobile TOTP authenticator app.
You can now add the generated config snippet to the user's configuration and set require
to enable 2-factor authentication:
[...]
users:
- username: admin
credentials:
- type: publickey
key: ssh-ed25519 AAAAC3Nz[...]bD4I
+ - type: otp
+ key: H6fcmPkkQ1d7Y/pDlnGvdJYeyc+xeSbDi52Lgjlf1bA=
+ require: [publickey, otp]
roles:
- "warpgate:admin"
[...]
Validate the file with warpgate check
. Warpgate will automatically reload the config file and start requiring the OTP through a keyboard-interactive authentication prompt on SSH.