Reference Guide
Multi-Factor Authentication
Using MFA for SSH Connections
regardless of how mfa is used for single connect logins, it can also be used to establish connections (ssh/rdp) to target devices using any method in this section will provide information on how to configure mfa for ssh connections only users in enabled user groups can use mfa for ssh connections to enable mfa use for the user group, please refer to the section docid\ q04vhhdddgmqe5mojptwf to set up mfa for ssh connections pre requisite admin and users have the qr code, installed the single connect mobile app, scanned the qr code with the mobile app, and otp is enabled for the user group that will be using mfa for ssh connections (see sections docid\ e3u2gulcf51dgux s7nh2 , https //app archbee com/docs/jsymind0w sxaymlkgomr/hxrij xtdti9bocp12vm7 docid\ qrhipik cghzw4hrmvxtv , docid\ q04vhhdddgmqe5mojptwf ) establish an ssh connection to single connect from the ssh client as a root run the following commands to set the required parameters in the config file cd /u01/nssoapp/conf/ vi nsso properties check the configuration file to see if the parameter below is already configured in it if not, add the lines below if there is a hash (#) sign in front of the parameters, delete the hash (#) sign to activate the parameter if the parameter value is “false”, change it to “true” to type or add anything in the vi editor, first press the insert button on the keyboard, then type in the necessary line press esc to exit typing mode to save the file press esc, then colon ( ), type in “wq!” and press enter if you do not want to save the changes to the file, press esc, then colon ( ), then type in “q!” and press enter nsso connection otp enabled=true nsso otp cache enabled=true nsso otp cache seconds=300 the first command enables otp the second command sets up otp caching, and the third one sets the cache value to 300 seconds this means that if a user logs in with otp they will not be asked for any token for the next 300 seconds, even if the user disconnects and connects again after the parameters are set, restart nssoapp by running the command systemctl restart nssoapp after these settings, a user belonging to an enabled user group will be asked for a token when logging in to an ssh server