diff --git a/docs/api.md b/docs/api.md index 8eadf6c..ac2186a 100644 --- a/docs/api.md +++ b/docs/api.md @@ -10,7 +10,7 @@ All APIs are restricted to authentication. To make requests, you either need to or get a token and pass it as a cookie with each request. !!! note - With enabled [2FA](auth), you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password. + With enabled [2FA](auth.md#two-factor-authentication), you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password. ### Single request auth diff --git a/docs/auth.md b/docs/auth.md index 40bb4ba..8c58cd2 100644 --- a/docs/auth.md +++ b/docs/auth.md @@ -50,7 +50,7 @@ Steb-by step to enable 2FA: 3. Install **Google Authenticator** app to your phone ([iOS](https://apps.apple.com/us/app/google-authenticator/id388497605), [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)). It will generate one-time access codes. -4. Configure one-time codes on PiKVM: +4. Create a secret for one-time codes on PiKVM: ``` rw kvmd-totp init @@ -63,3 +63,7 @@ Steb-by step to enable 2FA: !!! note With 2FA for API or VNC authentication, you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password. + +To view the current QR code of the secret use `kvmd-totp show`. + +To disable 2FA, use `kvmd-totp del`. diff --git a/docs/first_steps.md b/docs/first_steps.md index 63cc3a7..ec4b5b8 100644 --- a/docs/first_steps.md +++ b/docs/first_steps.md @@ -98,7 +98,7 @@ For future examples, let's assume that your PiKVM has received the address **192 # kvmd-htpasswd del # Removes/deletes a user ``` - Optionally you can enable the [two-factor athentication](auth). + Optionally you can enable the [two-factor authentication](auth.md#two-factor-authentication). ## Configuring PiKVM diff --git a/docs/ipmi.md b/docs/ipmi.md index e5fcc35..ea8d23a 100644 --- a/docs/ipmi.md +++ b/docs/ipmi.md @@ -10,7 +10,7 @@ IPMI is an [old protocol](https://en.wikipedia.org/wiki/Intelligent_Platform_Man It can be useful for managing a large number of machines with PiKVM. Its advantage is that it is supported by many enterprise systems. !!! warning - Although PiKVM supports the IPMI protocol, we strongly recommend that you **DO NOT USE IT** outside of trusted networks due to the protocol's [insecurity](https://github.com/NitescuLucian/nliplace.com.blog.drafts). Use Redfish or [KVMD API](api.md) instead of it. Also IPMI can not work with [2FA](auth). + Although PiKVM supports the IPMI protocol, we strongly recommend that you **DO NOT USE IT** outside of trusted networks due to the protocol's [insecurity](https://github.com/NitescuLucian/nliplace.com.blog.drafts). Use Redfish or [KVMD API](api.md) instead of it. Also IPMI can not work with [2FA](auth.md#two-factor-authentication). To enable IPMI BMC follow these steps: diff --git a/docs/vnc.md b/docs/vnc.md index bf277ce..34617c8 100644 --- a/docs/vnc.md +++ b/docs/vnc.md @@ -43,7 +43,7 @@ As an alternative to the web interface, you can use VNC with various desktop cli 5. Switch filesystem back to read-only: `ro`. !!! note - With enabled [2FA](auth), you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password. Also note that `vncauth` (step 3) will not work with 2FA. + With enabled [2FA](auth.md#two-factor-authentication), you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password. Also note that `vncauth` (step 3) will not work with 2FA. ## Configuring the client