LogonBox SSPR 2.3.16

Windows two-factor authentication


LogonBox is pleased to announce the immediate availability of LogonBox SSPR 2.3.16.
This release includes updates to the deployable VM images, extra customisation around messaging for the logon banner and RADIUS authentication and an update to the LogonBox Password Manager browser extension.

Updates to the virtual machine images

Our VM images now run on the latest Debian 11 Bullseye release where possible. The Debian project should support this release for security updates until 2026.

With the Azure and ISO images, these still run on Debian 10 Buster due to technical limitations. Debian 10 is still in support until 2024.

We have the following guides available if you wish to upgrade the operating system on an already deployed image. We recommend that you upgrade the OS one version at a time. Therefore, if you want to go from Debian 9 to 11, stage the upgrade via Debian 10.

Upgrading Debian 9 to 10:

Upgrading Debian 10 to 11:

SSH on the VM images is now disabled by default, except for our cloud hypervisor images where SSH access is via key authentication. If you wish to enable SSH on an on-prem image, you can do this from VMCentre on the console.

To do this, go to the Services tab, click the options button next to SSH Server and tick ‘Start this service upon boot’.

The OVA and OVF images have VMware tools installed by default (open-vm-tools).

RADIUS improvements

The default ‘password’ prompt caused some confusion amongst some users.
Therefore the default prompt has been changed to ‘passcode’ to differentiate it from a user’s AD password, for example.

It is possible to alter this prompt to any text of your choice.
Edit your Authentication Flow and click the edit icon on the RADIUS module. You should see a new User Interface tab which contains the field for the prompt.</p

Formatting options for the logon banner

Support for some HTML tags now exists in the Logon Banner. The Logon Banner is the message you can display after a user clicks on My Account.
This configuration is in Authentication Flows->Authentication Options->Logon.
The following HTML tags may now be used to help you format any messages you wish to display: “b”, “i”, “u”, “sup”, “sub”, “strong”, “big”, “small”, “br”, “span”, “em”, “p”, “div”, “h1”, “h2”, “h3”, “h4”, “h5”, “h6”, “blockquote”.

Password Manager improvements

The Password Manager browser extension has several improvements, including:

  • Sharing passwords with other users
  • Displaying a site’s favicon next to the password resource
  • Allows users to create a hierarchy of folders under Personal Folders
  • The extension can display ten items by default now

Upgrade Instructions

You can directly upgrade from the web UI or the operating system.

To upgrade from the web UI, log on with your admin account, navigate to Server Status from the main dashboard and click Update. You may also be prompted automatically on login if you have Updates, Features & Licensing->Update Prompt turned on.

To upgrade from the operating system:

On Windows – download the new installer, run the installer, and follow the prompts.

On a LogonBox VM – from a shell, type in:

apt update
apt upgrade

If you are still running a version before 2.3, you will need to perform some extra steps from the OS, as detailed here:


Our support team will upgrade Cloud customers over the coming week.


Here is a summary of the changes in this release.


  • On-prem VM builds now have SSH disabled by default
  • New VM builds now run on Debian 11 bullseye (except ISO and Azure).
  • OVA and OVF images now have VMware tools installed.
  • You can now customise the RADIUS password prompt.
    The default prompt for RADIUS is now Passcode rather than Password.
  • Support for some HTML tags now exists in the Logon Banner.
    The browser Password Manager extension has several improvements.


  • Usernames that contain only numbers when used with email One Time Password no longer generate an error on a password reset.
  • Users can no longer log in to My Account when the account is suspended.
  • An attempted password reset for a user that does not yet have a completed profile no longers results in a null error.
  • When editing a message template, in the HTML tab, any existing text displays immediately rather than needing to click in the field first.
  • Generating a CSR now succeeds when a comma exists in the Organization field.
  • Create Account button is now visible again on the portal page.