Authentication
      Back to home
      1. Vali Cyber Knowledge Base
      2. ZeroLock®
      3. Authentication

      How to Stop SSH-MFA Alerts Generation

      Disabling SSH Multifactor Authorization Alerts.

        There may be situations where you do not want SSH Multifactor Authentication (MFA) alerts triggered on some or all endpoints.  If you want to turn off SSH-MFA alerts on endpoints, with the ZeroLock® Management Console (ZMC) it’s a simple matter of disabling the SSH-MFA Detection Engine in the assigned configuration profile. 

        Stopping SSH-MFA Alerts on All Endpoints

        Turning off SSH-MFA alerts to all endpoints is a simple matter of disabling the SSH-MFA Detection Engine in the assigned default configuration profile.  This is easily done using the ZeroLock® Management Console (ZMC).

        1. From the ZMC dashboard, go to System Configuration | Config Profiles, select the Endpoint profile to be changed, then click Edit on the far right.
          Edit Config Profiles 2.0.1-1

        2. On selecting edit the full Profile screen appears.  Go down to the SSH Multifactor AUTH box and click the green (enabled) checkbox turning it red (disabled). Selecting the Update button will disabled SSH-MFA alerts on the endpoint.
          SSH Enabled 2.0.1

          SSH Disabled 2.0.1-1

        Stopping SSH-MFA Alerts on Select Endpoints

        There may be situations where you do not want SSH Multifactor Authentication (MFA) alerts triggered on certain Endpoints. To achieve this, the SSH-MFA detection engine must be disabled.  Disabling the detection engine requires creating a New Policy and Configuration Profile then applying that new profile to the Endpoint(s).

        Create a New Policy 

        1. From the ZMC dashboard, go to CONTROL POLICIES | POLICIES | ADD NEW POLICY
          New Policy 2.0.1

        2. On the New Policy screen enter a name and description for the policy.  Since policy creation does NOT require any rules, you may click CREATE without selecting a rule. New Policy with Name 2.0.1
           
        For a policy to be put into effect it must be combined with a Configuration Profile.  The next section will take you through this process. 

        Creating a New Configuration Profile 

        1. Scroll down to SYSTEM CONFIGURATION | CONFIG PROFILES which will bring you to the list of available configurations on the system.  In this example, the default configuration profile is the only profile. Select ADD NEW PROFILE, enter a name for the new profile.
          New Config Profile 2.0.1-2


        2.  Go to the SSH Multifactor Auth box and click the green (enabled) box changing it to red (disabled). 
        3. To apply the policy that was created, navigate to the Default Control Policy drop-down menu, and select the policy you created. Only one policy can be applied to a Configuration Profile at a time. Once complete, select CREATE. 
          Creating New Config Profile 2.0.1-1

          

        Applying the New Profile to Endpoint(s)

        Once a Configuration Profile has been created, it must be applied to an endpoint so the settings can take effect.

        1. Navigate to the Endpoints page and in the ACTIONS menu, select SET ENDPOINT CONFIG
          Endppoint Action Set Endpoint Config 2.0.1
        2. On the following screen select the appropriate configuration from the dropdown list then SET CONFIGS
          Set Endpoint Config Closeup 2.0.1

        TEST 

        To test, open ALERTS, then open a terminal session. SSH to the Endpoint with the new configuration applied. If an alert does not appear, you have successfully disabled the SSH-MFA alerts on the applicable endpoints.