Authentication
      Back to home
      1. Vali Cyber Knowledge Base
      2. ZeroLock®
      3. Authentication

      How to Stop SSH-MFA Alerts Generation

      Disabling SSH Multifactor Authorization Alerts.

      There may be situations where you do not want SSH Multifactor Authentication (MFA) alerts triggered on some or all endpoints.  To turn off SSH-MFA alerts on endpoints, with the ZeroLock® Management Console (ZMC) it’s a simple matter of disabling the SSH-MFA Detection Engine in the assigned configuration profile. 

      Stopping SSH-MFA Alerts on All Endpoints

      Turning off SSH-MFA alerts to all endpoints is a simple matter of disabling the SSH-MFA Detection Engine in the assigned default configuration profile.  This is easily done using the ZeroLock® Management Console (ZMC).

      1. From the ZMC dashboard, go to System Configuration | Config Profiles, select the Endpoint profile to be changed, then click Edit on the far right.
        Image_1_Select Demo Profile_v4.1.3

      2. On selecting edit the full Configuration Profile screen appears.  Go down to the SSH Multifactor AUTH box and click the green (enabled) checkbox turning it red (disabled). Selecting the Update button will disable SSH-MFA alerts on the endpoint.
        Image_2A_6A_SSH Multifactor Auth_v4x

        Image_2B_6B_SSH Multifactor AUTH_Disabled_v4x

      Stopping SSH-MFA Alerts on Select Endpoints

      There may be situations where you do not want SSH Multifactor Authentication (MFA) alerts triggered on certain Endpoints. To achieve this, the SSH-MFA detection engine must be disabled.  Disabling the detection engine requires creating a New Policy, a Configuration Profile, and then applying that new profile to the Endpoint(s).

      Create a New Policy 

      1. From the ZMC dashboard, go to CONTROL POLICIES | POLICIES | ADD NEW POLICY
        Step_1_Add New Policy-3

      2. On the New Policy screen enter a name and description for the policy.  Since policy creation does NOT require any rules, you may click CREATE without selecting a rule. Step_2_Create-1
         
      For a policy to be implemented it must be combined with a Configuration Profile.  The next section will take you through this process. 

      Creating a New Configuration Profile 

      1. Go to SYSTEM CONFIGURATION | CONFIG PROFILES which will bring you to the list of available configurations on the system.  In this example, the default configuration profile is the only profile. Select ADD NEW PROFILE and enter a name for the new profile.
        Step_1_Add New Profile-Feb-05-2025-08-20-49-1829-PM


      2.  Go to the SSH Multifactor Auth box and click the green (enabled) box changing it to red (disabled).
        Step_2_KB version-1 
      3. To implement the new policy, go to the Default Control Policy drop-down menu, and select the policy you created. Only one policy can be applied to a Configuration Profile at a time. When done, select CREATE. 
        Step_3_Select Default Control Policy-Feb-05-2025-08-21-58-7432-PM

        

      Applying the New Profile to Endpoint(s)

      Once a Configuration Profile has been created, it must be applied to an endpoint so the settings can take effect.

      1. Navigate to the Endpoints page and in the ACTIONS menu, select SET ENDPOINT CONFIG
        Step_1_Endpoints Main window-4
      2. In the Set Endpoint Configs window select the appropriate configuration from the dropdown list then SET CONFIGS
        Step_2_Set Endpoint Configs-4

      TEST

      To test, open ALERTS then open a terminal session.  SSH to the Endpoint with the new configuration applied.  An alert should not appear.