Configuring multi-factor authentication

Ipswitch WS_FTP Server supports multi-factor authentication for users over SSH. To log on to the SSH server, a user must authenticate with:

Users who require multiple factors to authenticate will not be able to logon to the SSH server if they do not fulfill both authentication requirements.

This option is not available to users in an Active Directory user database or Microsoft Windows user database since they cannot authenticate using a public key.

To configure multi-factor authentication for users:

  1. Allow both Password and Public Key methods of authentication to the SSH Listener that is associated with the Host to which the users belong. See Selecting methods of authentication for more information.

    If you do not enable password and public key authentication for the SSH listener and then require multi-factor authentication for a user, the user will not be able to authenticate to the server.

  2. From the top menu, select Host > Users. The Users page opens.
  3. Select the user for whom you want to require multi-factor authentication by clicking on the hyperlinked username. The Edit User page appears.
  4. If the user does not have an SSH user key, select one or more SSH user keys for the user. See Selecting SSH user keys for more information.

    You must also configure the file transfer client to use one of these keys for authentication.

  5. On the Edit User page, select Require multi-factor authentication. You cannot select this option if both a password and at least one SSH user key is not associated with the user.
  6. Click Save when finished.
  7. Repeat Steps 3-6 for each user who requires multi-factor authentication.

You can also require multi-factor authentication when creating a user account. See Creating user accounts for more information.

The file transfer client used to log on to the SSH server must support SSH2 in order to present both a valid username/password pair and SSH key during authentication.