4-Eyes authentication proxy service¶
4-Eyes proxy service facilitates communication between Wheel Fudo PAM and Fudo Mobile application enabling system administrators to accept/decline pending access requests.
Installing proxy service¶
Install FreeBSD version 10.
Add the following to the
/boot/loader.conffile:pf_load="YES"Run command:
kldload pf
Note
Alternatively, recompile the operating system with pf support.
Upload
whlproxypackage and run:pkg add /path/to/whlproxy.txz
Initializing configuration using whlproxyinit¶
- Run
whlproxyinit. - Enter hostname.
- Define network interface for communication with Wheel Fudo PAM.
- Enter IP address along with the network mask, e.g.
10.0.8.201/16. - Define network interface with access to the internet.
- Enter IP address used for communication with the internet.
- Enter port number for communication with Wheel Fudo PAM’s API.
- Enter default routing path.
- Enter cluster’s name.
- Provide description.
- Enter node’s serial number.
- Provide node’s SSH key.
Note
Serial numbers and SSH keys can be found in the Fudo administration panel, in the > view, tab, section.
- Enter
Y, to add another cluster node. - Enter
n, to finish proxy service configuration.
Exemplary configuration process’ console output:
System configuration.
You can modify configuration files after initialization.
Hostname: whlproxy1
Interface with an access to Fudo: em0
Internal IP address and netmask for em0: 10.0.8.201/16
Interface with an access to the Internet: em0
Public IP address and netmask for em0: 10.0.8.201/16
Public API port for 10.0.8.201: 44300
Default route: 10.0.0.1
TLS certificate for the proxy.
Now you will be asked to provide your Fudo cluster configuration.
Enter cluster details.
Name (only digits and uppercase letters): TEST
Description: Test
Enter nodes' details.
Serial: 12345678
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAA...
Add another node? [Y/n]: n
Your Fudo cluster configuration was successfully created.
In order to manage your clusters in the future run whlproxyctl tool.
Restarting services...
Wheel Systems Proxy is ready to use.
Managing clusters using whlproxyctl¶
Adding a cluster¶
To add a cluster, run the following command:
whlproxyctl cluster add <cluster_name> <cluster_description>
Note
The name of the cluster must start with F character and can contain only uppercase letters or digits, e.g. FJMSBND007.
Example:
whlproxyctl cluster add F007 "Optional description"
Deleting a cluster¶
To delete a cluster, run the following command:
whlproxyctl cluster del <cluster_name>
Example:
whlproxyctl cluster del F007
Displaying cluster’s details¶
To display cluster’s details, run the following command:
whlproxyctl cluster show <cluster_name>
Example:
root@whlproxy1:~ # whlproxyctl cluster show F007
Name: F007
GID: 1009
Description: Optional description
Token:
Nodes: F23456789
Listing clusters¶
To list clusters, run the following command:
whlproxyctl cluster list
Example:
root@whlproxy1:~ # whlproxyctl cluster list
F007
FKW
FTEST
Managing nodes using whlproxyctl¶
Adding a node to a cluster¶
To add a node to a cluster, run the following command:
whlproxyctl node add <node_name> <cluster_name> <ssh_key>
Note
- Node’s name must start with
Ffollowed by the serial number, e.g.F23456789. - Serial numbers and SSH keys can be found in the Fudo administration panel, in the > view, tab, section.
Example:
whlproxyctl node add F23456789 F007 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAA...
Deleting a node¶
To delete a node, run the following command:
whlproxyctl node del <node_name>
Example:
whlproxyctl node del F007
Displaying node’s details¶
To display detailed information on given node, run the following command:
whlproxyctl node show name
Example:
root@whlproxy1:~ # whlproxyctl node show F12345678
Name: F12345678
UID: 1007
Cluster: FTEST
Key: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAA...
Rules:
Listing nodes¶
To list nodes, run the following command:
whlproxyctl node list
Example:
root@whlproxy1:~ # whlproxyctl node list
F00000005
F12345678
F23456789
Related topics: