TOTP MFA
TOTP is an open standard for multi-factor authentication. The user needs to have a mobile client installed such as the free Google Authenticator or Authy.
To enable TOTP for Guacamole, follow these steps.
- SSH into the Guacamole instance as `ec2-user`.
- Link the `totp` extension into the right location. Execute from `/home/ec2-user`:

      sudo ln -s ../available-extensions/guacamole-auth-totp-1.5.2/guacamole-auth-totp-1.5.2.jar \
        /home/ec2-user/guaws/guacamole/etc/extensions/

- Restart the Guacamole services with `sudo systemctl restart guaws`.
- Enable the "Change own password" permission for all users. This permission can also be set on a group level.
After logging into Guacamole, you will be greeted with a setup screen to pair your mobile device. Follow the instructions on the screen. All users will be required to set up TOTP before they can use Guacamole.
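
The link target in the step above is relative, so it is resolved from the `extensions/` directory rather than from the current directory. The following added example (not part of the original instructions) creates the link and confirms it is not dangling before any restart. The function names are hypothetical, and it assumes the jar sits under `etc/available-extensions/`, which is where the relative target resolves.

```shell
#!/bin/sh
# Added example. Paths and version are taken from the steps above;
# function names are hypothetical.
GUAC_ETC="${GUAC_ETC:-/home/ec2-user/guaws/guacamole/etc}"
TOTP_JAR="guacamole-auth-totp-1.5.2/guacamole-auth-totp-1.5.2.jar"

# check_extension_link ETC_DIR JAR_RELATIVE_PATH
# 0 = link resolves to a readable file, 1 = not a symlink,
# 2 = dangling symlink, 3 = target not readable.
check_extension_link() {
    link="$1/extensions/$(basename "$2")"
    [ -L "$link" ] || { echo "not a symlink: $link" >&2; return 1; }
    # -e follows the link, so a dangling link fails this test
    [ -e "$link" ] || {
        echo "dangling: $link -> $(readlink "$link")" >&2; return 2; }
    [ -r "$link" ] || { echo "unreadable: $link" >&2; return 3; }
    return 0
}

# link_extension ETC_DIR JAR_RELATIVE_PATH
# Creates the same relative link as the manual step, then verifies it.
link_extension() {
    etc_dir=$1
    jar=$2
    [ -f "$etc_dir/available-extensions/$jar" ] || {
        echo "missing jar: $etc_dir/available-extensions/$jar" >&2; return 1; }
    # The relative target is resolved from extensions/, not from the cwd.
    ln -sf "../available-extensions/$jar" \
        "$etc_dir/extensions/$(basename "$jar")" || return 1
    check_extension_link "$etc_dir" "$jar"
}

# Usage, from a root shell on the instance:
#   link_extension "$GUAC_ETC" "$TOTP_JAR" && systemctl restart guaws
```

Restarting only when `link_extension` returns 0 avoids bringing the service back up with a link that points nowhere.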