Putty like experience with MFA

maestro7879 · March 20, 2024, 7:39pm

Is it possible for users to connect to a node using Putty or even the headnode ?
We are currently using Okta for authentication/MFA.

The goal is to provide access via Putty and also have MFA (Probably DUO).
Has this been done anywhere?

jeff.ohrstrom · March 20, 2024, 9:21pm

It’s not clear how Open OnDemand fits into this question, but we have MFA enabled on our systems for ssh users. That is - if they ssh into certain systems they get prompted for MFA.

I’m guessing we use this - Duo Unix - Two-Factor Authentication for SSH (login_duo) | Duo Security but @tdockendorf will have to confirm.

tdockendorf · March 21, 2024, 12:41pm

OSC uses the “login_duo” method via sshd_config:

Match Group duo Host *,!*.osc.edu
    ForceCommand /usr/sbin/login_duo
    PubkeyAuthentication no

Essentially we force Duo for users of “duo” group and for those connecting to our systems from outside OSC. Once someone is inside our network we do not require Duo.

Topic		Replies	Views
Has anyone used OOD with KeyCloak to set up 2FA to AD + Radius Get Help question	4	580	May 26, 2022
Kerberized storage with OOD Get Help question	4	461	May 26, 2022
Linux Host Adapter connect to localhost Feature Requests and Roadmap Discussion	6	616	March 21, 2023
OOD 1.8 and Okta SAML2 and ADFS authentication Get Help question	3	722	May 26, 2022
OOD 2.0.27 and Rocky Linux 8.6 authentications and beyond Get Help doc-request	6	437	February 4, 2023

Putty like experience with MFA

Related Topics