4-Eyes authentication proxy service

The 4-Eyes proxy service relays communication between Wheel Fudo PAM and the Fudo Mobile application, enabling system administrators to accept or decline pending access requests.

Installing proxy service

  1. Install FreeBSD version 10.

  2. Add the following to the /boot/loader.conf file:

    pf_load="YES"

  3. Run the command:

    kldload pf

Note

Alternatively, recompile the operating system with pf support.

  4. Upload the whlproxy package and run:

    pkg add /path/to/whlproxy.txz

Initializing configuration using whlproxyinit

  1. Run whlproxyinit.
  2. Enter hostname.
  3. Define network interface for communication with Wheel Fudo PAM.
  4. Enter IP address along with the network mask, e.g. 10.0.8.201/16.
  5. Define network interface with access to the internet.
  6. Enter IP address used for communication with the internet.
  7. Enter port number for communication with Wheel Fudo PAM’s API.
  8. Enter default routing path.
  9. Enter cluster’s name.
  10. Provide description.
  11. Enter node’s serial number.
  12. Provide node’s SSH key.

Note

Serial numbers and SSH keys can be found in the Fudo administration panel, in the Settings > Network Configuration view, Proxy tab, Fudo SSH keys section.

  13. Enter Y to add another cluster node.
  14. Enter n to finish proxy service configuration.

Example console output of the configuration process:

System configuration.
You can modify configuration files after initialization.

Hostname: whlproxy1
Interface with an access to Fudo: em0
Internal IP address and netmask for em0: 10.0.8.201/16
Interface with an access to the Internet: em0
Public IP address and netmask for em0: 10.0.8.201/16
Public API port for 10.0.8.201: 44300
Default route: 10.0.0.1

TLS certificate for the proxy.

Now you will be asked to provide your Fudo cluster configuration.

Enter cluster details.
Name (only digits and uppercase letters): TEST
Description: Test
Enter nodes' details.
Serial: 12345678
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAA...
Add another node? [Y/n]: n

Your Fudo cluster configuration was successfully created.
In order to manage your clusters in the future run whlproxyctl tool.

Restarting services...

Wheel Systems Proxy is ready to use.

Managing clusters using whlproxyctl

Adding a cluster

To add a cluster, run the following command:

whlproxyctl cluster add <cluster_name> <cluster_description>

Note

The cluster name must start with the character F and can contain only uppercase letters or digits, e.g. FJMSBND007.

Example:

whlproxyctl cluster add F007 "Optional description"

Deleting a cluster

To delete a cluster, run the following command:

whlproxyctl cluster del <cluster_name>

Example:

whlproxyctl cluster del F007

Displaying cluster’s details

To display cluster’s details, run the following command:

whlproxyctl cluster show <cluster_name>

Example:

root@whlproxy1:~ # whlproxyctl cluster show F007
Name:           F007
GID:            1009
Description:    Optional description
Token:
Nodes:          F23456789

Listing clusters

To list clusters, run the following command:

whlproxyctl cluster list

Example:

root@whlproxy1:~ # whlproxyctl cluster list
F007
FKW
FTEST

Managing nodes using whlproxyctl

Adding a node to a cluster

To add a node to a cluster, run the following command:

whlproxyctl node add <node_name> <cluster_name> <ssh_key>

Note

  • Node’s name must start with F followed by the serial number, e.g. F23456789.
  • Serial numbers and SSH keys can be found in the Fudo administration panel, in the Settings > Network Configuration view, Proxy tab, Fudo SSH keys section.

Example:

whlproxyctl node add F23456789 F007 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAA...
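
The following added example (not part of the original documentation or of whlproxy) checks the three arguments of `whlproxyctl node add` before they are used: it applies the naming rules from the notes above, parses the SSH public key blob, and returns the key's SHA256 fingerprint in OpenSSH's format so the pasted key can be compared with the copy taken from the Fudo administration panel. It assumes that serial numbers consist of digits only and that node keys are ecdsa-sha2-nistp256, as in the sample output on this page; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, re, struct

CLUSTER_RE = re.compile(r"F[A-Z0-9]+")  # page rule: F, then uppercase letters or digits
NODE_RE = re.compile(r"F[0-9]+")        # assumption: the serial number is digits only

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off:off + n])
        off += n
    return out

def check_node_args(node, cluster, key_b64):
    """Return the key's SHA256 fingerprint, or raise ValueError."""
    if not NODE_RE.fullmatch(node):
        raise ValueError("node name must be F followed by the serial number")
    if not CLUSTER_RE.fullmatch(cluster):
        raise ValueError("cluster name must be F plus uppercase letters/digits")
    try:
        blob = base64.b64decode(key_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key is not complete base64 (truncated paste?)") from exc
    fields = wire_fields(blob)
    if len(fields) != 3 or fields[0] != b"ecdsa-sha2-nistp256" or fields[1] != b"nistp256":
        raise ValueError("not an ecdsa-sha2-nistp256 public key")
    if len(fields[2]) != 65 or fields[2][0] != 4:
        raise ValueError("EC point is not a 65-byte uncompressed point")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sample_key():
    """Constructed, structurally valid blob (dummy point, not a real key)."""
    parts = [b"ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(range(64))]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    print(check_node_args("F23456789", "F007", sample_key()))
```

A key copied with its trailing ellipsis, or cut short in the terminal, is rejected here instead of being registered as a node key that can never match.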

Deleting a node

To delete a node, run the following command:

whlproxyctl node del <node_name>

Example:

whlproxyctl node del F23456789

Displaying node’s details

To display detailed information on a given node, run the following command:

whlproxyctl node show <node_name>

Example:

root@whlproxy1:~ # whlproxyctl node show F12345678
Name:           F12345678
UID:            1007
Cluster:        FTEST
Key:            ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAA...
Rules:

Listing nodes

To list nodes, run the following command:

whlproxyctl node list

Example:

root@whlproxy1:~ # whlproxyctl node list
F00000005
F12345678
F23456789
