This article serves as an extension to the article SFTP Two-Factor Authentication | Cerberus FTP Server. The configuration settings for 2FA with SSH SFTP/SCP as outlined in the aforementioned article, pertain to Cerberus version 2024.1. However, Cerberus FTP Server 2024.2.0 introduces an enhancement to these configurations. This article will assist in providing details around this enhancement.

In the User Manager > Users, select a user and then navigate to the Authentication tab. The checkbox labeled “Require 2 Factor for SSH SFTP/SCP” has been replaced with a dropdown menu. This menu offers options such as “Ignore”, “Require When Status Enabled”, and “Require”.

 

Cerberus FTP Server 2FA Settings

2FA Settings for User in Cerberus Admin page (User Manager : Users : Authentication)

 

Cerberus FTP Server Drop-Down Settings for 2FA

2FA Drop Down Menu for SSH SFTP/SCP with different options

 

  • Ignore: Cerberus will bypass the use of 2FA for SSH and SFTP/SCP protocols, regardless of the status of 2 2-factor authentication. In this case, the user will not be required to enter 2FA credentials. Please note, this is not a recommended option unless absolutely necessary. A “warning badge” will be visible in the configuration page and the report page if this setting is made for the user.
  • Require When Status Enabled: Cerberus will require 2FA for SSH and SFTP/SCP protocols provided the status of 2 Factor Authentication is “Enabled”. In other words, the user will be required to enter 2FA credentials if the status of 2FA is enabled. If the status of 2FA is disabled, the user will not be required to enter 2FA credentials.
  • Require: Regardless of the status of 2 Factor Authentication, Cerberus will expect 2FA authentication for that user. If the status of 2 Factor Authentication is “Enabled”, the user will be able to authenticate via 2FA. If the status of 2 Factor Authentication is “Disabled”, the user won’t be able to authenticate as they won’t have the 2FA credentials but Cerberus will still expect them for successful authentication.

 

Please note that the same menu is available for Group Authentication settings as well (User Manager : Groups : Authentication). User settings are overridden by Group settings if the User is part of a Group unless the overriding button is enabled in the Authentication tab. To learn more about group settings and overriding, please refer to  Group Accounts in Cerberus FTP Server – Cerberus Support

Feedback

As always, we look forward to hearing how our customers use Cerberus and any additional improvements that would help make Cerberus FTP Server better. We would love to hear your feedback.