Enforce Multifactor Authentication when accessing servers or containers protected by ZeroLock®.
SSH-MFA (Secure Shell Multi-Factor Authentication) allows for restricting SSH access on your ZeroLock® protected Linux system and the ability to require two-factor authentication for user connections.
- From the ZeroLock® Management Console select Control Policies | Rules.
- Selecting Add New Rule from the drop-down menu opens the following screen.
- The chart below guides you through filling in the necessary information for a new policy rule.
Name
Enter the name that describes the Rule you are creating.
Naming will be helpful as you add Rules to the policy.
Description
Enter a helpful description.
Rule Type
SSH-MFA
IP Address
Adding an IP Address to the rule will check the source IP address that is logging in to a protected system. The IP address may be a single IPV4 or IPV6 address or it may also be an IPV4 or IPV6 CIDR range.
If you want the source IP address to be ignored for this rule, just put 'ANY' in the field.
Note: This is an optional field.
User
You may specify that the rule triggers if the user is logging in to the system as a specific Linux user. For example, by specifying the user as 'root' in this field, this rule will trigger when someone attempts to log in as the 'root' user.
Note: This is an optional field.
Day/Time
You can specify a time range and the days for which a rule is effective. The rule will be effective for all days if no days are selected.
Start/End
You may optionally specify the start and end date of a rule.
Action
You must specify the action taken if this rule is triggered.
The options are Allow, Authenticate, or Reject.
- Allow allows the ssh session to continue as normal.
- Authenticate causes the ssh session to be subject to MFA.
- Reject terminates the session immediately.
- The new SSH-MFA rule rejects any connection attempts on the weekends.
- Select Create and the rule is created.
- Congratulations! You have just created a new SSH-MFA rule.