Two-factor authentication please read

Predrag Punosevac predragp at andrew.cmu.edu
Wed Feb 24 19:01:28 EST 2021


Dear Autonians,

The times of password login or even passwordless with ssh keys are going
the way of the dinosaurs. The Auton Lab cluster is one of the very few
services at Carnegie Mellon University which can be accessed with a simple
password. Shortly this is no longer going to be true. I have just turned on
2FA on

lop2.autonlab.org

and I will do it shortly on two other shell gateways. ssh access to the
Auton Lab desktops is restricted only to their rightful owners so 2FA can
wait a bit on personal desktops.

At this point, I will need to ask everyone with a valid AndrewID or even
with an alumni account to log into lop2.autonlab.org and make sure 2FA
works for you. If you can read your Andrew emails via a browser you should
not have any problems accessing the Auton Cluster with the same mobile
device. If I don't hear back from you in the next 7 days I will assume that
you are dandy and turn on 2FA on all our shell gateways.

If your username is for some reason different than Andrew's ID we have to
fix that (I am looking at you interns who became CMU grad students). There
are in total 18 external accounts presumably without corresponding Andrew
ID and I have the green light from sponsoring faculty to close most of
those accounts. This is your last chance to access the system and get your
belongings before I store them for safekeeping.

There is a caveat to 2FA. I am fully aware that 2FA will break X2Go GUI
access. I have little incentive to troubleshoot it as you can use reverse
SSH proxy per our documentation

https://www.autonlab.org/autonlab_wiki/new_arrivals.html#version-control

for GUI or Gogs access.

At this point, we have no intention to turn on 2FA inside the Lab or to
require 2FA authentication for Version Control Server. Those things are
located inside the outer perimeter firewall and have satisfactory security
protection.

Most Kind Regards,
Predrag Punosevac