SecureShell/MFA

From UMIACS
Revision as of 14:58, 19 November 2019 by Derek (talk | contribs) (Created page with "Interactive shell access to UMIACS is going to be restricted to users who pass our multi-factor authentication requirements. We have introduced this in our VPN and now will b...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Interactive shell access to UMIACS is going to be restricted to users who pass our multi-factor authentication requirements. We have introduced this in our VPN and now will be introducing this requirement in our external SSH connections.

SSH has two different authentication methods that we support currently, an interactive password authentication or a ssh public key authentication. This will now require that connections external from UMIACS networks will need to pass our Duo multi-factor authentication in addition to an interactive password based authentication. Currently we do not support public key based authentication and Duo multi-factor authentcation from external networks.

Users may use the VPN to attach to a UMIACS network or be physically in a location with UMIACS network access then use a ssh public key and will not be required to do an additional Duo multi-factor authentication.

$ ssh derektest@xanadu.umiacs.umd.edu
Password:
Duo two-factor login for derektest

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-XXXX
 2. Phone call to XXX-XXX-XXXX
 3. SMS passcodes to XXX-XXX-XXXX (next code starts with: 1)

Passcode or option (1-3):