Updated on 2024-03-28 GMT+08:00

Enabling 2FA

Two-factor authentication (2FA) requires users to provide verification codes before they log in. The codes are sent to their mobile phones or email addresses. For servers where 2FA is enabled, you must choose an SMN topic. The topic specifies the recipients of login verification codes, and HSS authenticates login users accordingly.

Prerequisites

  • You have created a message topic whose protocol is SMS or email.
  • Server protection has been enabled.
  • To enable 2FA, you need to disable the SELinux firewall.
  • On a Windows server, 2FA may conflict with G01 and 360 Guard (server edition). You are advised to stop them.

Constraints and Limitations

  • If 2FA is enabled, it can be used only in the following scenarios:
    • Linux: The SSH password is used to log in to an ECS, and the OpenSSH version is earlier than 8.
    • Windows: The RDP file is used to log in to a Windows ECS.
  • When two-factor authentication is enabled for Windows ECSs, the "User must change password at next logon" function is not allowed. To use this function, disable two-factor authentication.
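
The Linux prerequisites and constraints above (SELinux disabled, SSH password login, OpenSSH earlier than 8) can be checked on a server before 2FA is enabled. The script below is an added example, not part of HSS or its documentation; the function names are hypothetical, and it assumes that "disabled" means getenforce reports Disabled and that password login appears as "passwordauthentication yes" in sshd -T output.

```shell
#!/bin/sh
# Added example: pre-flight check for the Linux 2FA constraints on this page.
# Inputs are passed as strings so the logic can be exercised offline.

# Extract the OpenSSH major version from `ssh -V` style output,
# e.g. "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" gives 7.
openssh_major() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Return the effective PasswordAuthentication value from `sshd -T` style
# output ("key value" lines). Empty if the key is absent.
password_auth() {
    printf '%s\n' "$1" |
        awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }'
}

# check_2fa_constraints <ssh -V output> <getenforce output> <sshd -T output>
# Prints one line per finding; returns 0 only if every check passes.
check_2fa_constraints() {
    rc=0
    major=$(openssh_major "$1")
    if [ -z "$major" ]; then
        echo "FAIL openssh: cannot parse version from '$1'"; rc=1
    elif [ "$major" -ge 8 ]; then
        echo "FAIL openssh: major version $major is not earlier than 8"; rc=1
    else
        echo "OK   openssh: major version $major"
    fi
    # Assumption: the page's "disable" means getenforce reports Disabled.
    case "$2" in
        Disabled) echo "OK   selinux: Disabled" ;;
        *) echo "FAIL selinux: state is '${2:-unknown}', expected Disabled"; rc=1 ;;
    esac
    if [ "$(password_auth "$3")" = "yes" ]; then
        echo "OK   sshd: password login enabled"
    else
        echo "FAIL sshd: passwordauthentication is not 'yes'"; rc=1
    fi
    return $rc
}

# Check the live host only when invoked with the argument "live" (needs root
# for sshd -T).
if [ "${1:-}" = "live" ]; then
    check_2fa_constraints "$(ssh -V 2>&1)" "$(getenforce 2>/dev/null)" \
        "$(sshd -T 2>/dev/null)"
fi
```
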

Procedures

  1. On the Two-Factor Authentication tab, select servers and click Enable 2FA. Alternatively, click Enable in the Operation column.

    Figure 1 Enable 2FA.

  2. In the displayed Enable 2FA dialog box, select an authentication mode.

    • SMS/Email

      You need to select an SMN topic for SMS and email verification.

      • The drop-down list displays only notification topics that have been confirmed.
      • If there is no topic, click View to create one. For details, see Creating a Topic.
      • During authentication, all the mobile numbers and email addresses specified in the topic will receive a verification SMS or email. You can delete mobile numbers and email addresses that do not need to receive verification messages.
      Figure 2 SMS/Email verification
    • Verification code

      Use the verification code you receive in real time for verification.

  3. Click OK. After 2FA is enabled, it takes about 5 minutes for the configuration to take effect.

    When you log in to a remote Windows server from another Windows server where 2FA is enabled, you need to manually add credentials on the latter. Otherwise, the login will fail.

    To add credentials, choose Start > Control Panel, and click User Accounts. Click Manage your credentials and then click Add a Windows credential. Add the username and password of the remote server that you want to access.