Duo FAQ

how to setup two factor?

You'll need to register your device with Duo to receive security codes, and can receive these codes by phone call, text message, or Duomobile app.

ssh $username@xtal200.harvard.edu
Password: [input password]
Please enroll at $url

Copy the url into a web browser, and follow the prompts to register. Please contact us at help@sbgrid.org if you encounter problems.

Configuring Options in SSH configuration

The DUO_PASSCODE environmental variable can be used to configure the method duo will use for validation: push (Duo mobile app), call (phone call) or sms (SMS text method). This can be set on the remote side (for example, in ~/.bashrc or ~/.cshrc on xtal2000.harvard.edu):

# bashrc example
export DUO_PASSCODE=push
# cshrc example
setenv DUO_PASSCODE push

Alternatively, this can be set locally by configuring DUO_PROFILE in ~/.bashrc, ~/.cshrc or ~/.zshrc and by adding a SendEnv block to the local ~/.ssh/config:

Host duo_test
  Hostname xtal200.harvard.edu
  SendEnv DUO_PASSCODE

For non-interactive connections (scp, rsync+ssh), push or call must be used for DUO_PUSH, otherwise they will hang and timeout.

Examples

ssh

user@system:~/$ ssh user0@xtal200.harvard.edu
Duo two-factor login for user0

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-1234
 2. Phone call to XXX-XXX-1234
 3. SMS passcodes to XXX-XXX-1234

Passcode or option (1-3): 1

Pushed a login request to your device...
Success. Logging you in...
 _________________________________________
/ Welcome to xtal200.harvard.edu user0. \
\ You have landed on duo0-test.         /
 -----------------------------------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *
===================================================
- OS X Software Installer is available for download.
 - Visit our wiki for more information: https://sbgrid.org/wiki/client_install
 - Please support SBGrid by citing the Consortium manuscript:
 - eLife 2013;2:e01456, "Collaboration gets the most out of software".
 - X-ray diffraction datasets should be deposited with SBGrid Data Bank
 - http://data.sbgrid.org/.
===================================================
NOTE:
 - We recommend using ssh keys https://sbgrid.org/corewiki/faq-setting-up-key-based-ssh
 - Remote access FAQ at https://sbgrid.org/corewiki/faqs-remote
 - 2FA SSH ACCESS is coming in October! See https://sbgrid.org/corewiki/duo-ssh-faq
===================================================
   Email help@sbgrid.org for assistance, questions, or feedback.

scp/rsync/sftp

These commands are non-interactive, so there is not analogous menu for push/call/sms - if the DUO_PASSCODE environmental method isn't set, this will use your default method.

If you are using sms as DUO_PASSCODE, use the initial push to recieve passcodes, and then set DUO_PASSCODE to the value of the next passcode.