Follow

OATH (One time password) challenges when using SSH

Vectra appliances use One Time Passwords (OTP) when authenticating against users other than the 'vectra' user.  This extra security step exists to eliminate any possibility of brute-forcing privileged SSH users on the appliance.  During normal operation a user will use the 'vectra' user to authenticate over SSH and as such will not see the OTP prompt.

The OATH prompt appears as follows when authenticating against a Vectra appliance: 

user@host $ ssh vadmin@vectraappliance
Password:
One-time password (OATH) for `vadmin':

In the example above the privileged user 'vadmin' (used by Vectra Support during remote support session) demonstrates the OATH prompt given.  If you see the OATH prompt when authenticating please verify:

  • That you have specified a user in your 'ssh' command.  The 'ssh' command will default to using your current username if none is provided.
  • That the user specified is exactly 'vectra'.  The username is case sensitive and the username 'VECTRA' is different from the user 'vectra'.  The web UI user 'admin' cannot be used at the command line.

If, after confirming the above, you continue to see OATH prompts for the 'vectra' user please contact Vectra Support.

Was this article helpful?
0 out of 0 found this helpful

Download PDF

0 Comments

Article is closed for comments.