2FA for SSH

Two factor authentication for SSH service

Note: We have suspended 2FA requirement.

CS Department requires 2 factor authentication ssh connections to our servers. The first time you ssh into a CS server, it will generate a 2FA profile for your account and display the QR code on your login screen.

See sample screenshots below:

Scan the QR code with your DUO app. Remember to SAVE it!

Next time when you ssh to CS server, it will prompt you for verification code along with your CS password.

NOTE: If you use Tectia, Bitvise, make sure the ‘Authentication Method’ is set to ‘Keyboard Interactive’ NOT ‘Password’ or ‘Default Settings’.

If you have Mac OS or Linux, then edit the file /etc/ssh/ssh_config:

(Edit the file on your own computer NOT the file on CS servers)

Add the line below to /etc/ssh/ssh_config file (anywhere in the file will do. )

KbdInteractiveAuthentication yes

Save it and run command ssh again. You should be able to input verification code and your password.

Recommended command:

sudo pico /etc/ssh/ssh_config

Type in your Mac password and then edit the file (Edit the file on your own computer NOT the one on CS servers)

If you have trouble with 2FA or lost your 2FA record, please contact Systems Group and ask for a 2FA reset.