How to enforce 2 Factor Authentication on user login?
Enable the following settings to Enforce 2FAon user ssh login as well as for the web interface. This will prompt the ssh gateway user to set two-factor authentication before going ahead and is a recommended security setting.
Enable the different 2 factor mechanisms that will be available for the gateway user for setup.
Relogin, into the WebGUI and the user will be prompted to setup the 2 factor method if he hasn't setup any. Setup any one 2fa method of your choice from here.
If you want to setup more 2fa methods, then after logging into the WebGUI, setup multiple 2fa methods here.
The 2factor mechanism used for the last login into the WebGUI would be the 2fa method in use in the backend. To change, the 2fa method in use in the backend, login into the WebGUI using the new 2fa method so that it becomes the default 2fa method for the backend.
We have setup Google 2fa and Access Keyword successfully and would be prompted for it. In the example below, we are using Google 2fa to login and hence the same would be prompted in the backend shell as well.
The backend would looks as follows.
Configure Duo 2fa in Jump Server