In Progress

MFA for Secure Gateway

=== Feature Enhancement Request ===

We're trying out the Multifactor Authentication (MFA, a.k.a. two-factor or 2FA) feature on the Document Store on Royal Server. It works great! But that's not quite what we needed.


Can we do MFA on the Royal Server Secure Gateway?  For instance, when the engineers arrive in the morning they would have to MFA to get their first connection through the Secure Gateway but after that, all new sessions would go through the Secure Gateway without re-checking the MFA.


There should probably be a setting for Maximum-Session-Time to time-out the session and force the MFA to repeat.  We'd probably set ours to 30 hours or something to let users get a full day's work in.  


We use Duo Security here but the Microsoft Authenticator is a valid second option for us.


Thank you.


11 people like this idea

Looks like this is the Royal Server V5 BETA Version now.


I just want to say I've installed it, and damn, I am so impressed with how this is implemented! Great work on this!


The only suggestion I can think to make really is on the "Opening Tunnel....." message. I would love to see an "Awaiting 2FA" or something like that.


Other than this, honestly excellent job here. 

Thanks for the kind words, Robert! I'm glad the implementation works well for you.


Since the MFA code prompt is triggered by a custom authentication request on the SSH protocol level, we actually don't know if an MFA code will be requested until we get the authentication request on the client side. Therefore it will not be possible to figure this out beforehand and let the client display a different message at that point. Sorry!

Is the beta implementing MFA available now? If so, what's the process for getting it?

Hi Stephen,


You can find our beta versions here: https://www.royalapps.com/go/kb-all-downloadbeta


Docs are still a work in progress but can be found here: https://docs.royalapps.com/r2022/royalserver/management/multi-factor-authentication/index.html


Please make sure you test beta versions on non-production/non-critical machines and make backups of your files/settings before you proceed.


Regards,
Stefan

Okay, finally got this working today and first impressions are good.

A few suggestions:

1) When adding the MFA users and the standard Windows "Select Users or Groups" comes up, it would be good to default to Entire directory if the server is in a domain. An alternative would be to detect where in the tree the last search was performed from and repeat the use of that node unless changed.

Adding a number of domain users gets old real quick when having to keep switching from the local server to the domain :(

2) I'd like the ability to add both the user_id and the cache timeout to the MFA userlist via the column chooser. In general I think you should have the option of seeing every value presented in the user that exists in the edit field for a user.

All in all this is really promising and I'm looking forward to seeing where it ends up! It helps enormously with the sell job to management, both of Royal TS and Royal Server.

Hey Stefan,

Any idea on when this will come out of beta and into the stable version?

We have no specific date right now. We are currently reworking the Royal Server console UI and we are not really sure how long this will take but we aim for May, hopefully April.

New UI looks very good! Hopefully we have a full release shortly! Our team is dying to get this, but in stable!

Has the official version of Royal TS Gateway with MFA been released?

Thank you


Still in beta but the release is just around the corner. Stay tuned...

Hi Koell,

As our security company is pushing us to move away from Royal TS if MFA is not implemented, can you please indicate a deadline for the official release? We need to indicate this info in order to have internal approval for a security exception, a.k.a. accept the risk for some time...

Thank you


I can't really tell the exact date, sorry. All I can say is that we are currently working on finalizing everything for the release. I surely hope it will be before the end of August - probably/hopefully earlier.

Hi Koell,


Any news on this?

Thank you

Hi Serban,


Yes, we released our new major versions a couple of days ago. See: https://www.royalapps.com/go/kb-server-main-releasenotes


Regards,
Stefan

Good news, Stefan!

We will test the new version with MFA and provide feedback.

Regards
