Page MenuHomeVyOS Platform

Feature Request: ocserv: show configured 2FA OTP key
Closed, ResolvedPublicFEATURE REQUEST

Description

OTP requires passing parameters to the user.
It would be handy to have a mechanism to display the configured user's OTP settings in the VyOS CLI.

Suggested commands:

show openconnect-server user <username> otp <full | key-b32 | key-hex | qrcode | uri >

Example:

vyos@vyos:~$ show openconnect-server user tst otp full
# You can share it with the user, he just needs to scan the QR in his OTP app
# username:  tst
# OTP KEY:  5PA4SGYTQSGOBO3H3EQSSNCUNZAYAPH2
# OTP URL:  otpauth://totp/tst@vyos?secret=5PA4SGYTQSGOBO3H3EQSSNCUNZAYAPH2&digits=6&period=30
█████████████████████████████████████████
█████████████████████████████████████████
████ ▄▄▄▄▄ █▀ ██▄▀ ▄█▄▀▀▄▄▄▄██ ▄▄▄▄▄ ████
████ █   █ █▀ █▄▄▀▀▀▄█  ▄▄▀▄ █ █   █ ████
████ █▄▄▄█ █▀█▀▄▄▀  ▄▀ █▀ ▀▄██ █▄▄▄█ ████
████▄▄▄▄▄▄▄█▄█▄▀ ▀▄█ ▀ ▀ ▀ █▄█▄▄▄▄▄▄▄████
████  ▄▄▄▀▄▄  ▄███▀▄▀█▄██▀ ▀▄ ▀▄█ ▀ ▀████
████ ▀▀ ▀ ▄█▄ ▀ ▀▄ ▄█▀ ▄█ ▄▀▀▄██    █████
████▄ █▄▀▀▄█▀ ▀█▄█▄▄▄▄ ▄▀█▀▀█ ▀ ▄ ▀█▀████
█████  ▀█▀▄▄ █ ▀▄▄  ▄█▄    ▀█▀▀ █▀ ▄█████
████▀██▀█▄▄ ▀▀▀▀█▄▀ ▀█▄▄▀▀▀ ▀ ▀█▄██▀▀████
████▄ ▄ ▄▀▄██▀█ ▄ ▀▄██ ▄▄  ▀▀▄█▄██ ▄█████
████▀▀ ▄▀ ▄ ▀█▀█▀█  █▀█▄▄▀█▀█▄██▄▄█ ▀████
████ █ ▀█▄▄█▄ ▀ ▄▄▀▀  ▀ █▄█▀████ █▀ ▀████
████▄██▄██▄█▀ ▄▀ ▄▄▀▄  ▄▀█ ▄ ▄▄▄ ▀█▄ ████
████ ▄▄▄▄▄ █▄  ▀█▄█ ▄ ▀ ▄ ▄  █▄█ ▄▀▄█████
████ █   █ █ ▀▄██▄▄▀█▄▀▄██▄▀  ▄  ▀██▀████
████ █▄▄▄█ █ ██▀▄▄  ▀▄▄▀█▀ ▀█ ▄▀█ ▀██████
████▄▄▄▄▄▄▄█▄███▄███▄█▄▄▄▄█▄▄█▄██▄█▄█████
█████████████████████████████████████████
█████████████████████████████████████████
# To add this OTP key to configuration, run the following commands:
set vpn openconnect authentication local-users username tst otp key 'ebc1c91b13848ce0bb67d9212934546e41803cfa'

If the user does not exist or does not have an OTP key configured, a warning is issued:

vyos@vyos:~$ show openconnect-server user tst5 otp full
There is no such user ("tst5") with an OTP key configured

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

Unknown Object (User) created this task.May 9 2022, 12:15 AM
Unknown Object (User) created this object in space S1 VyOS Public.
Unknown Object (User) closed this task as Resolved.Jun 12 2022, 5:04 AM
Unknown Object (User) claimed this task.

Tested in VyOS 1.4-rolling-202206100921

Works as expected
Described in docs

Viacheslav changed the subtype of this task from "Task" to "Feature Request".
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.