Chapter 56 Authentication Objects
ZyWALL Series CLI Reference Guide
489
56.5.4 Admin Access Two-Factor Command Examples
The following example shows how to set up two-factor authentication for an admin user.
[no] two-factor-auth admin-
access service
{ssh|telnet|web}
Sets which services require Two-Factor Authentication for the admin user.
The
no command removes disables two-Factor Authentication for the
specified access type.
• SSH
•Telnet
•Web
username username 2fa-auth-
method {default|google-
auth|pin-code}
Sets the two-factor authentication method for the user to either Google
Authenticator or SMS/email.
Default sets the authentication method to the default method set by the
command
two-factor-auth admin-access auth-method.
username username [no]
google-auth
Enables two-factor authentication by Google Authenticator for the user
account. The Zyxel Device creates a Google Authenticator QR code, and
a set of backup codes for the account.
The no command disables two-factor authentication by Google
Authenticator for the user account, and also deletes the account’s
Google Authenticator QR code, secret key file, and backup codes.
username username google-
auth verify-code
<verification code>
Verifies whether the code currently displayed in the Google Authenticator
app is correct or not.
The Zyxel Device also creates a secret key file if one does not already exist.
username username google-
auth backup-code create
Generates five new Google Authenticator backup codes. All previously
generated backup codes become invalid.
You can use Google Authenticator backup codes to log into the Zyxel
Device if you are unable to access the Google Authenticator app.
username username [no]
{email1-verify|email2-
verify}
Verifies that the specified email address for the specified user name is
valid. Use the no command and the specified email address for the
specified user name will be invalid.
username username [no]
phone-verify
Verifies that the specified mobile telephone number for the specified user
name is valid. Use the no command and the specified mobile telephone
number for the specified user name will be invalid.
show two-factor-auth admin-
access
Displays current two-factor command settings for logins via the Web
Configurator, SSH, or Telnet.
show username username
google-auth qrcode
Displays the Google Authenticator QR code for this account.
You can link this user account with Google Authenticator by pressing Enter
Provided Key in the Google Authenticator app.
show username username
google-auth backup-code
Displays the Google Authenticator backup codes for this user account.
You can use Google Authenticator backup codes to log into the Zyxel
Device if you are unable to access the Google Authenticator app.
show two-factor-auth admin-
access
Displays the default two-factor authentication method for new admin
accounts
Table 278 two-factor Authentication Commands (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
