I configured my FortiGate with the CLI command as below:
---
config system admin
edit admin
set two-factor email
---
Does this affect ssh log-in?
If so, is there any solution to divide ssh authentication and http authentication?
thank you,
Admin authentication is shared across all login methods - HTTP/S, SSH, Telnet. It is not possible to disable 2FA for one login method specifically.
The only exception is protocol-specific authentication (x509 certificate for admin GUI login via HTTPS, SSH keys for SSH login).
If you add email 2FA to your admin account, the token will be mandatory for SSH as well. So be careful with this, if all your admins are email-token-enabled, they likely won't be able to log in if the FortiGate goes offline for any reason. :)
Hi nanashi,
You should be getting the token in your email even for ssh access.
You can enter the token received in your email and post that the login will be allowed
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.