Two-factor authentication please read

Predrag Punosevac predragp at andrew.cmu.edu
Thu Feb 25 09:29:58 EST 2021


No accounts will be closed just to accommodate 2FA. If your user name is
not the same as your Andrew ID, that will have to be fixed. I am still figuring
out the most effective way to do this.

P^2

On Thu, Feb 25, 2021, 3:33 AM Vincent Jeanselme <vjeansel at andrew.cmu.edu>
wrote:

> Good morning,
>
> I have the message: “We’re sorry, access is not allowed because you are
> not enrolled. Please contact your organisation’s IT help desk for
> assistance” when I ssh lop2
>
> My CMU id is *vjeansel*, I am in the group of people who were interns before
> staff (so it seems that my AutonLab id mismatches). Please don’t close my
> account if this is possible; I still have a few projects with the lab.
>
> Best,
> Vincent
>
> On Feb 25, 2021, at 00:02, Predrag Punosevac <predragp at andrew.cmu.edu>
> wrote:
>
> 
> Dear Autonians,
>
> The times of password login or even passwordless with ssh keys are going
> the way of the dinosaurs. The Auton Lab cluster is one of the very few
> services at Carnegie Mellon University which can be accessed with a simple
> password. Shortly this is no longer going to be true. I have just turned on
> 2FA on
>
> lop2.autonlab.org
>
> and I will do it shortly on two other shell gateways. ssh access to the
> Auton Lab desktops is restricted only to their rightful owners so 2FA can
> wait a bit on personal desktops.
>
> At this point, I will need to ask everyone with a valid AndrewID or even
> with an alumni account to log into lop2.autonlab.org and make sure 2FA
> works for you. If you can read your Andrew emails via a browser you should
> not have any problems accessing the Auton Cluster with the same mobile
> device. If I don't hear back from you in the next 7 days I will assume that
> you are dandy and turn on 2FA on all our shell gateways.
>
> If your username is for some reason different from your Andrew ID, we have to
> fix that (I am looking at you, interns who became CMU grad students). There
> are in total 18 external accounts presumably without corresponding Andrew
> ID and I have the green light from sponsoring faculty to close most of
> those accounts. This is your last chance to access the system and get your
> belongings before I store them for safekeeping.
>
> There is a caveat to 2FA. I am fully aware that 2FA will break X2Go GUI
> access. I have little incentive to troubleshoot it as you can use reverse
> SSH proxy per our documentation
>
> https://www.autonlab.org/autonlab_wiki/new_arrivals.html#version-control
>
> for GUI or Gogs access.
>
> At this point, we have no intention to turn on 2FA inside the Lab or to
> require 2FA authentication for the Version Control Server. Those things are
> located inside the outer perimeter firewall and have satisfactory security
> protection.
>
> Most Kind Regards,
> Predrag Punosevac