RPort
  • RPort Knowledge Base
  • 👀WHAT IS RPORT
    • Features and benefits of RPort
      • Full feature list
    • Screenshots
    • Release Notes
      • 1.1.2
      • 1.1.0
      • 1.0.5
      • 1.0.4
      • 1.0.3
      • 1.0.2
      • 1.0.1
  • 🚀GETTING STARTED
  • Install the RPort Server
    • Launch RPort in the cloud
    • Install on-premises
    • Install on Vultr
    • Install on Azure
    • Install on AWS EC2
    • Install on Digital Ocean
    • Install on Scaleway
    • Install on Google Compute
    • Install on Hetzner Cloud
    • Install RPort on any virgin cloud VM
    • Change the FQDN of the RPort server
    • Enable two factor authentication
      • Use push on mobile for 2FA
      • Use TOTP
  • Connecting Clients
  • Using the remote access
    • Creating tunnels
      • VNC via browser
      • VNC via VNC® Viewer from RealVNC®
      • RDP via Browser
    • Open SSH from the browser
    • Scp,sftp through a tunnel
  • Renaming and tagging of clients
  • Organize clients with groups
  • Activate the vault
  • Manage users and permissions
  • Video Courses
    • Installation Preparation
    • Install on Prem
    • Install on Cloud
    • Client installation
    • Remote Access
    • Network communication
  • 🗣️ NEED HELP?
    • Troubleshoot common problems
      • RPort Server not starting
      • Restart rport through a tunnel
      • Attributes file path not set
      • Recover lost passwords
      • Client is not connecting
      • Id is already in use
  • 🔦DIGGING DEEPER
    • Using the API
      • Create client credentials
    • RPort Technology Explained
      • RPort Security Model
    • Commands and Scripts
      • Executing commands
      • Executing scripts
      • Tacoscript
    • The scheduler
    • File copy and reception
    • Client Configuration Options
      • Supervision of OS updates
      • Script and command execution
    • Advanced client management
      • Install the RPort client manually
      • Uninstall the RPort client
    • Server Maintenance
      • Monitoring of RPortd
      • Updating RPort
      • Backing up the rport server
      • Renewing certificates
    • FAQ
      • How to use Cloudflare
    • High Availability
    • Install on macOS
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Install the RPort Server
  2. Enable two factor authentication

Use TOTP

Learn how to use any rfc6238 compliant token generator, e.g. Google or Microsoft authenticator

To change between the different two-factor-authentication methods, you must open the configuration file locate on your rport server at /etc/rport/rportd.conf with a text editor.

Scroll down and look for the examples of TOTP. Remove the comment (hash) signs so your configuration looks like the sample below:

  ## To enable time-based onetime tokens generated by apps likes Google or Microsoft Authenticator,
  ## set 'totp_enabled = true'.
  ## Your user-password store (json files or DB table) needs an additional text field 'totp_secret'.
  totp_enabled = true
  
  ## Learn more on https://oss.rport.io/docs/no02-api-auth.html#two-factor-auth
  ## Before sending the token generated by the authenticator app,
  ## users should do a login attempt. Otherwise thye can request tokens directly without login.
  ## 'totp_login_session_ttl' sets the timeout after which totp codes won't be accepted
  totp_login_session_ttl = '600s'
  
  ## If you run multiple RPort servers, you should give them different totp account names
  ## to differentiate them on your authenticator app.
  totp_account_name = 'RPort'

👉 Very likely, you will have some other 2fa default method enabled. You must disable it. Look for the line two_fa_token_delivery = 'smtp' or two_fa_token_delivery = '/usr/local/bin/2fa-sender.sh'. Put a comment (hash sign) at the beginning of the line to disable it.

After having done the changes, restart the rport server by executing systemctl restart rportd.

Now open the user interface in your browser and login in with username and password. You will be prompted to scan the QR code with your authenticator app, or you can copy the secret to your desktop app. The secret is displayed just once.

From now on, you must always enter your username, the password and a token generated by the authenticator app.

PreviousUse push on mobile for 2FANextConnecting Clients

Last updated 1 year ago

Was this helpful?