Ssh MATHSNAME is your login name on the Maths servers, and
In a new terminal window, type command:
.zshrc for
Close this terminal window, those profile settings take
(Applications > Accessories > Terminal), type
Cut-and-paste each line, no need to re-type.
cp ~/Downloads/ssh-with-2fa.txt ~/bin/ssh-with-2fa
echo 'export PATH=~/bin:$PATH' >> ~/.bash_profile
echo 'export PATH=~/bin:$PATH' >> ~/.zshrc
echo 'alias scp="noglob scp"' >> ~/.zshrc
Your browser may stash the file somewhere other than Downloads, if so then select that place in the "cp" line below.
Right-click the link above, choose SaveAs or click and view, then press Ctrl-S to save.
To the Downloads directory on your laptop.
Mac users should install XQuartz (then reboot).
TOTP, it accepts 17 codes out of a million (4-minute clock skew), and
Follow these recommendations to use 2FA words or codes, and password,
for details, rationale, other ways or other things you can do, see
Do the following to set things up on your laptop or home machine.
Image, enlarged to read, instead of carrying a paper sheet.
Skeys may be just as sexy: take a photo of the sheet and use that.
6-word skeys are 64 bits, another billion times more secure again.
3-word skeys are 32 bits, another thousand times more secure.
2-word skeys are 22 bits, 12 times more secure (one-in-4million chance).
Three-in-a-million chance (18.35 bits) for someone to guess correctly.
TOTP is 6 digits, a million combinations of which 3 are accepted,
TOTP needs a new app to be installed, skeys get by on a sheet of
That image, also allowing you to enlarge to make it easier to read.
Or, to avoid carrying the skey sheet, take a photo with your phone and use
Just used, making it easy to find the next one when needed.
Lines on your skey sheet decrement each time: cross out the last line
(previously all were 6 words for better security, see below).
You can choose between 2-word, 3-word or 6-word skey sheets
When approaching the end of the sheet, see Paul again to obtain a
Prompted (not the line number) each sheet has hundreds of lines.
to go (back?) to skeys, on dora use command
are once-only passwords generated by iterated one-way encryption.
Each time you will need to type all the words from the line as
You can set up TOTP remotely during a web-OTP or skey login session.
Setting up TOTP takes precedence over skeys there is no need to have
Running google-authenticator again, invalidates any previous setting
No-reuse control: a second login is possible only after the code
Our TOTP implementation is true one-time, non-replayable, with a
Maybe use command totp-test to check codes.
Ensure the time on your device is correct, use "network time": set for
On dora (in a terminal window, made large enough) use command
and scan the QR code (or enter the secret key) into the authenticator app.
At next login, you will be prompted for the TOTP authenticator
Your computer, or as add-on in your browser).
Install your favourite TOTP authenticator app (on your phone, on
TOTP (aka OATH or "Google Authenticator").
Okta does not directly support ssh our web-OTP relies on Okta, in
Getting a web-OTP code takes precedence over TOTP or skeys (during its
Possible only with a new code from the web page.
Our web-OTP implementation is true one-time: a second login is
NOTE: you need to get the Web-OTP code before starting the ssh
See a five-character code: valid for 5 minutes, and for single use.
At next ssh login, you will be prompted for this code.
While TOTP or skeys need to be set up while in the School.
You can use web-OTP anytime, without any prior setup
Popular online services such as Google accounts, or banks.
Provides a cheap, effective, additional layer of security, similar to
Set up 2FA for your account
2FA two-factor authentication
Port forwardings: other machines (e.g.
File transfer made easy, without 2FA or
Network setup needed for internal laptops.
Some ideas here may be useful without 2FA, e.g.
How to log in to the Maths servers from "outside" machines, with