Security

Authentication

In order to access a remote Host you must authenticate on that Host, i.e. provide your access credentials in a security prompt window when you start a remote session.

Remote Utilities supports different authentication methods. You can enable multiple methods on the Host and use either of those to authenticate on that Host.

Single password

This is the simplest way to log in on a remote Host. Only a single password is used to authenticate. You can create access password during Host installation or later in the Host settings.

Enabling Single password authentication

Navigate to Authentication, select Single password checkbox, then enter and confirm a new password and click OK:

Set single password

Changing existing password

  1. Navigate to Authentication and click Change password...: Change single password
  2. Click Yes in the warning message: Confirm changing single password
  3. Enter and confirm a new password and click OK: Set and confirm single password

Removing existing password

  1. Navigate to Authentication and click Remove: Remove single password
  2. Click Yes in the warning message: Confirm single password removal

Important!

For security reasons, there are no technical, blank or default passwords. If no authentication method is enabled, you will NOT be able to connect to this Host. Make sure that you enable at least one authentication method.

Remote Utilities security

Use this authentication method if you want to create multiple user accounts with different permissions for each account.

To enable this method select the Remote Utilities security check box. Make sure that you created user/users and set access permissions for them (see below).

Creating users and setting access permissions

Accounts that you create in this dialog apply to this specific Host only. They are not centrally stored anywhere. If you want to create same accounts for multiple Host installations, use the MSI Configurator to pre-configure your custom Host installer with the necessary accounts.

  1. Navigate to Authentication and click Users and access control...: Users and access control
  2. Click Add...: Add user
  3. Create a user and password. You can optionally enable Ask user permission option for this user. Click OK: Enter user details
  4. In the Rights box set permissions for this user and click OK: Set permissions

    Important!

    The selected connection mode must also be allowed in the global permission settings in the Modes tab, see below.

Editing user

  1. Navigate to Authentication and click Users and access control...: Users and access control
  2. Select a user in the list and click Edit...: Edit button
  3. Make the necessary edits and click OK: Editing user dialog

Removing user

To remove a user, select the user in the list and click Remove:

Removing user

Windows security

With this authentication method you can use Windows accounts to authenticate on a remote Host. To enable this method select the Windows security check box and set permissions as described below.

To add a Windows user and set access permissions:

  1. Navigate to Authentication and under "Windows security" checkbox click Permissions...: Windows Security
  2. Click Add... Windows Security - Adding user
  3. Select Windows accounts that you want to grant or deny access to this Host and click OK. Windows Security - Select account
  4. Select an account in the list, set permissions for this account and click OK: Windows Security - Setting permissions
  5. To apply the settings click OK in the main Host settings window: Windows Security - Main window

Custom server security

Custom server security allows you to use Remote Utilities self-hosted server as your authentication server/hub. Please refer to setting up authentication server guide.

Two-step verification

Two-step verification (also known as two-factor authentication, or 2FA) adds another layer of security and guarantees that your Hosts are well protected from unauthorized access even if someone guessed your access password.

Here is how to enable 2-step verification on a single Host:

  1. In Host configuration window navigate to 2-step verification and select Activate two factor authentication checkbox: Enable 2 factor
  2. Use a mobile authenticator app to scan the QR code shown in window. We recommend using Google Authenticator app or Microsoft Authenticator app for smartphones: Scan QR code
  3. Enter the numeric code shown in your authenticator app: Enter code
  4. Click OK. You have now set up the Host to use 2-step verification. When you connect in to this Host from the Viewer, you will need to enter a one-time password (OTP) in addition to the credentials for the authentication method that you use.

When you configure a custom build using the MSI Configurator, you are essentially creating a “master" installer file that you deploy on multiple remote computers. If you enable 2-step verification during MSI configuration you’ll be using the same security code for all the Hosts that you deployed using your custom build.

Confirmation

In the Confirmation dialog you can enable Ask user permission:

Confirmation tab

IP-filter

Use IP-filtering to restrict access to this Host for a specific IP address or IP address range:

IP filter
  • Allow everyone, except – add an IP address or range to the white list
  • Deny everyone, except – add an IP address or range to the black list
  • Edit – click to specify an IP address or a range

Modes

Use Modes to globally allow or deny specific connection modes for any user who connects in to this Host. To further fine tune access permissions for specific users use the respective authentication method permissions dialog.

Modes

For example, to quickly deny File Transfer mode on this Host to all users uncheck File Transfer in the Modes tab and click OK.

Host identity

Remote Utilities has a certificate-based Host identity check mechanism. This mechanism doesn't require any configuration and works automatically.

The first time you connect to a remote Host the Host’s public key (certificate) is fetched and stored on the Viewer side. The next time you connect in to the same Host the certificate is used to verify Host's identity.

The Host certificate is automatically generated for you in Host identity tab:

Host identity tab

You can re-issue a certificate manually if needed by clicking on Generate new.

If the Host certificate differs from the one stored by the Viewer, a warning message appears on the Viewer side:

Host identity warning in Viewer

If you believe that this is the same Host installation that you previously connected to (e.g. you re-installed the Host and certificate was reset), click Yes. This will update the certificate cache on the Viewer side. Otherwise click No.

This website uses cookies to improve user experience. By using this website you agree to our Terms of Service and Privacy Policy.