Help Center/ Cloud Bastion Host/ User Guide/ Authentication Configuration/ Configuring Multifactor Verification/ Configuring USB Key Login Verification
Updated on 2025-11-21 GMT+08:00
View PDF
Share

Configuring USB Key Login Verification

USB token is a one-time password technology implemented based on USB keys. In USB key authentication method, you will need to insert the USB key into your local host for login. The system login page then automatically identifies the inserted USB key and requires you to enter the corresponding PIN to pass identity authentication.

If the USB key driver is accidentally uninstalled, reset the login method for user admin. For details, see Resetting Login Method for User admin.

Constraints

  • Currently, USB keys of Century Longmai (GM3000), Century Longmai - SM series algorithms (GM3000), JIT, Century Longmai - Certificates, Feitian - Certificates, and Feitian (ePass3000GM) are supported. USB keys from different vendors cannot identify each other for login authentication. You need to configure the USB key vendor based on your USB keys. Only one vendor can be configured at a time. For details, see Configuring the USB Key Vendor.
  • A USB key can be issued to one user only.

Prerequisites

You have obtained a USB key and installed the USB key driver locally.

Step 1 Configure USB Key Authentication

  1. Log in to your bastion host as the administrator.
  2. Choose User > User to go to the User management page.
  3. Select a user and click its LoginName.
  4. In the User Setting area, click Edit.
  5. In the displayed Edit user setting dialog box, select USBKey for Multifactor Verification.
  6. Click OK.

Step 2: Issue the USBKey

  1. Log in to your bastion host as the administrator.
  2. Choose User > USBKey in the navigation pane.
  3. Click Issue to issue a USB key.
  4. Select a user with the USB key multifactor verification enabled as the related user.

    Table 1 Parameters for issuing a USB key

    Parameter

    Description

    USBKey

    Specifies the USB key ID.

    Relate User

    Specifies the user to which the USB key is related. USB key in multifactor verification must be enabled for such users.

    PIN

    Specifies the personal identification number (PIN) uniquely corresponding to the USB key. It is provided by the USB key vendor.

  5. Click OK. You can then view the newly issued USB key in the USB key list.

    When logging in to a bastion host with a USB key, insert your USB key into your local host, select the USB key on the login page, and enter the PIN as prompted. The USB key is identified automatically when it is inserted.