Two-factor authentication please read
Predrag Punosevac
predragp at andrew.cmu.edu
Thu Feb 25 10:13:16 EST 2021
No. I don't control the Duo server. I am almost 95% sure that no to Jim and
some other guys is due to the same reason. We use the same Duo server as
CMU and their identity office is setting defaults. I have received 2 dozen
emails and it appears that I have more things to do than originally
anticipated. It will take me a few weeks to clear the issues.
P^2
On Thu, Feb 25, 2021, 10:06 AM Anthony Wertz <awertz at cmu.edu> wrote:
> Worked for me. I wonder, since there’s only one option (duo push) can that
> be selected automatically? I know I’m being lazy asking you to save us two
> keystrokes, but…. I’m lazy. :-)
>
>
> - Anthony
>
> El feb. 24, 2021, a las 19:01, Predrag Punosevac <predragp at andrew.cmu.edu>
> escribió:
>
> Dear Autonians,
>
> The times of password login or even passwordless with ssh keys are going
> the way of the dinosaurs. The Auton Lab cluster is one of the very few
> services at Carnegie Mellon University which can be accessed with a simple
> password. Shortly this is no longer going to be true. I have just turned on
> 2FA on
>
> lop2.autonlab.org
>
> and I will do it shortly on two other shell gateways. ssh access to the
> Auton Lab desktops is restricted only to their rightful owners so 2FA can
> wait a bit on personal desktops.
>
> At this point, I will need to ask everyone with a valid AndrewID or even
> with an alumni account to log into lop2.autonlab.org and make sure 2FA
> works for you. If you can read your Andrew emails via a browser you should
> not have any problems accessing the Auton Cluster with the same mobile
> device. If I don't hear back from you in the next 7 days I will assume that
> you are dandy and turn on 2FA on all our shell gateways.
>
> If your username is for some reason different than Andrew's ID we have to
> fix that (I am looking at you interns who became CMU grad students). There
> are in total 18 external accounts presumably without corresponding Andrew
> ID and I have the green light from sponsoring faculty to close most of
> those accounts. This is your last chance to access the system and get your
> belongings before I store them for safekeeping.
>
> There is a caveat to 2FA. I am fully aware that 2FA will break X2Go GUI
> access. I have little incentive to troubleshoot it as you can use reverse
> SSH proxy per our documentation
>
> https://www.autonlab.org/autonlab_wiki/new_arrivals.html#version-control
>
> for GUI or Gogs access.
>
> At this point, we have no intention to turn on 2FA inside the Lab or to
> require 2FA authentication for Version Control Server. Those things are
> located inside the outer perimeter firewall and have satisfactory security
> protection.
>
> Most Kind Regards,
> Predrag Punosevac
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.srv.cs.cmu.edu/pipermail/autonlab-users/attachments/20210225/a5317ae0/attachment.html>
More information about the Autonlab-users
mailing list