In April of this year, we made the hard decision to restrict remote access to the lab machines to on-campus or VPN only.
Since then, we’ve been looking at options for integrating two-factor authentication in order to make the Linux machines directly accessible off campus once again. The 2fa solution that we’ve settled on is password + TOTP authentication.
When connecting to the CADE Linux machines from on campus or the VPN, you may connect as usual with a password or an SSH key. When connecting from off campus, you’ll need both your CADE password and a one time code.
To register a TOTP app, log into the CADE Linux machines from on-campus or the VPN.
1. Go to Applications > CADE > Configure 2FA or from a terminal run configure-2fa.sh. This will display a QR Code on the screen.
2. Using Duo (or any other TOTP app), scan the QR Code. This will create a new entry for the CADE Linux machines.
3. When SSHing from off campus, you will be prompted to enter your password, followed by a prompt to enter your TOTP code.