Authenticating With GhostPorts

If you are a GhostPorts-only user or a Halo user with GhostPorts access, you will have been assigned one of two multi-factor authentication methods: YubiKey plus Halo password, or SMS code plus Halo password. The process that you follow to authenticate is simple:

1. Prepare for authentication

• For SMS authentication, log into the Halo portal to verify your authentication phone number.

  For detailed instructions, see Verify Your Phone Number (for SMS Authentication).

• For YubiKey authentication, obtain your activated YubiKey device from your administrator.

2. Authenticate and access your servers

• Using any computer anywhere, log into the Halo portal and authenticate to GhostPorts.

  For detailed instructions, see Authenticate to GhostPorts.

• During a time window, access your servers directly from that same computer.
• Optionally close GhostPorts when you are finished.

  For detailed instructions, see Manually Close GhostPorts.

Verify Your Phone Number (for SMS Authentication)

If you will be authenticating to GhostPorts with an SMS code, you first need to verify to Halo that the authentication phone number assigned to you is the correct one. The verification process includes demonstrating that the phone can receive a code from Halo.

Step 1: Go to https://portal.cloudpassage.com/login and enter your Halo username and password.

Step 2: Go to the Phone Verification page:

• If you are a GhostPorts user but not a Halo user, you are brought directly to the page.
• If you are both a Halo user and GhostPorts user, you see a banner on the Dashboard page when you first log in. The banner contains a link that takes you to the Phone Verification page.

  

Step 3: In the Phone Verification form, inspect the partially masked phone number, of the form XXX-XXX-XX67. to verify that the last two digits displayed match the number of the phone that you are authorized to use to authenticate to GhostPorts.

Note:  If the displayed phone number is not correct, contact your Halo site administrator to change it.

Step 4: If the phone number matches:

• Click Send Verification Code so that Halo can send a verification code to that phone number.
• When you receive the message on your phone, copy the six-digit verification code into the Verification Code field on the GhostPorts page, then click Submit.

Note:  You have 5 minutes from the time you click Send Verification Code until the code expires. If you do not complete this step within that time, you can click Send Verification Code again to have another code sent to you.

If Halo receives the code successfully, it displays the following on the GhostPorts page:

Your authentication phone number is verified, and you now can log into GhostPorts to access your servers.

Authenticate to GhostPorts

Note:  If you have logged into the Halo portal using multi-factor network authentication or through single sign-on, and if you click the GhostPorts button within one minute of logging into Halo, you are immediately authenticated to GhostPorts and you don't have to follow the procedure described in this section. But if you wait for over a minute before clicking Ghostports, or if you have logged into Halo using your Halo password, you will need to authenticatte to GhostPorts as described here.

To authenticate to GhostPorts, follow these steps:

1. Go to https://portal.cloudpassage.com/login and enter your Halo username and password.
2. Go to the Open GhostPorts page:
   • If you are a GhostPorts-only user, you are brought directly to the GhostPorts is Closed page.
   • If you are both a Halo user and a GhostPorts user, click the closed GhostPorts button ( ) in the Halo portal menu bar. The GhostPorts is Closed page appears—for SMS authentication, for YubiKey, or for both, depending on which authentication types you are enabled for.

     

3. Click either Send SMS or Use YubiKey.

   Authenticate with SMS:

   

   1. If you clicked Send SMS, an SMS message containing an authentication code has been sent to your phone. When it arrives, enter it into the Authentication Code field.

      Note:  The code is sent by SMS, and normal text-messaging charges for your account may apply.

   2. Click Submit to send the SMS authentication code to GhostPorts.

      Note:  You have 5 minutes from the time you receive the code to enter it into the field and click Submit. If you do not send the code before it expires, you can click Re-send Authentication Code to receive another code.

   Authenticate with a YubiKey:

   

   1. If you clicked Use YubiKey, place your YubiKey into the USB port on your computer, with the metal contacts and circle facing upward ().
   2. Click within the Enter YubiKey field to make it active.
   3. Initiate your YubiKey by lightly touching the top of the key on the green-centered light for about one second. Do not press any other key on your keyboard. You will see the field fill with the value generated by your YubiKey.
   4. Click Submit to send the YubiKey authentication code to GhostPorts.

After you have authenticated successfully, the GhostPorts is Open page displays a success banner:

Also, in the portal page header, the GhostPorts button ( ) now indicates that GhostPorts is open.

Congratulations! You are now ready to connect to cloud servers that are authorized by Halo for your access. Before attempting access, allow a few moments for Halo to communicate your GhostPorts status to your cloud servers.

Manually Close GhostPorts

If you are accessing a server through multi-factor network authentication, that access will automatically terminate and the port you are using will be closed after the session expiration time is reached (by default, four hours after you opened GhostPorts). Note that logging out of the portal does not close your open GhostPorts.

If you want to to maintain the highest security on your servers, you can optionally close GhostPorts before the time limit, as soon as you no longer need access. When you have finished using your servers, click the open GhostPorts button ( ) in the Halo portal page header. The GhostPorts is Open page appears:

Click Close GhostPorts to immediately terminate permission to log into the server from your IP address.

Note:  If another GhostPorts user is also accessing the same ports on the same server group from the same IP address, the ports won't be closed until that user either manually closes them or is timed out.

After you have successfully closed the ports, the GhostPorts is Closed page displays a success banner:

Copyright ©2014 CloudPassage Inc. All rights reserved. CloudPassage^® and Halo^® are registered trademarks of CloudPassage, Inc.