Help Center> Cloud Bastion Host> User Guide> Logging In to the CBH System> Managing Login Security> Configuring Login Timeout and Login Authentication
Updated on 2023-06-12 GMT+08:00

Configuring Login Timeout and Login Authentication

This topic describes how to configure the timeout and authentication settings for logins through web browsers, including login timeout duration, SMS verification code validity period, graphic verification code, SSH public key login, and SSH password login.

Prerequisites

You have the management permissions for the System module.

Configuring Web Login Requirements

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Security.

    Figure 1 System security configuration

  3. In the Web Login Config area, click Edit.

    Complete configurations as prompted.
    Figure 2 Configuring Web Login Requirements
    Table 1 Parameters for configuring web login

    Parameter

    Description

    Idle timeout

    Duration to wait before an inactive user is logged out.

    After a system user logs in to the CBH system through a web browser, if they have no operations for a period longer than the configured idle timeout, they will be logged out.

    • Default value: 30 minutes
    • Value range: 1 to 43200, in minutes

    SMS duration

    SMS verification code validity period.

    • Default value: 60 seconds
    • Value range: 15 to 3600, in seconds
    • If the value is 0, the SMS verification code never expires.

    Captcha

    Whether to use the CAPTCHA technology for graphic verification. The options are Enable, Disable, and Auto.

    • Enable: A graphic verification code is required for every login.
    • Disable: No graphic verification code is required for logins.
    • Auto: A graphic verification code is required when the number of consecutive failed password attempts exceeds the configured login attempts.

    Login attempts

    If the number of consecutive failed password attempts exceeds the login attempts, the graphic verification is automatically enabled.

    • This parameter is mandatory if Captcha is set to Auto.
    • Default value: 3
    • Value range: 1 to 30

    Captcha duration

    Validity period of a CAPTCHA.

    • Default value: 60 seconds
    • Value range: 15 to 3600, in seconds
    • If the value is 0, the graphic verification code never expires.

    Domain Check

    Whether to check domain. This option is disabled by default ().

    • : enabled. If you select the AD domain authentication, you are required to download an SSO client and use the same login name as that registered with the AD domain server to log in to the CBH system.
    • : disabled

  4. Click OK. You can then check the web login configuration of the current system on the Security tab.

    Figure 3 Web Login Config

Configuring Login Using a Client

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Security.

    Figure 4 System security configuration

  3. In the Client Login Config area, click Edit.

    Complete configurations as prompted.
    Figure 5 Configuring Login Using a Client
    Table 2 Parameters for configuring client login

    Parameter

    Description

    Idle timeout

    Duration to wait before an inactive user is logged out of the CBH SSH client.

    • Default value: 30 minutes
    • Value range: 1 to 43200, in minutes

    Logon with SSH key

    Whether to enable SSH key login authentication (Default: ).

    • : enabled. If you have configured an SSH public key, you can log in to the CBH system using the SSH client without providing passwords.
    • : disabled.

    Logon with password

    Whether to enable SSH password login authentication (Default: ).

    • : enabled
    • : disabled
    • If both Logon with SSH key and Logon with password are enabled, the SSH key login authentication is preferentially performed.

  4. Click OK. You can then check the client login configuration of the current system on the Security tab.

    Figure 6 Client Login Config