PuTTY-like experience with MFA

Is it possible for users to connect to a node, or even the headnode, using PuTTY?
We are currently using Okta for authentication/MFA.

The goal is to provide access via PuTTY and also have MFA (probably Duo).
Has this been done anywhere?

It’s not clear how Open OnDemand fits into this question, but we have MFA enabled on our systems for ssh users. That is - if they ssh into certain systems they get prompted for MFA.

I’m guessing we use this - Duo Unix - Two-Factor Authentication for SSH (login_duo) | Duo Security but @tdockendorf will have to confirm.

OSC uses the “login_duo” method via sshd_config:

Match Group duo Host *,!*.osc.edu
    ForceCommand /usr/sbin/login_duo
    PubkeyAuthentication no

Essentially we force Duo for users of “duo” group and for those connecting to our systems from outside OSC. Once someone is inside our network we do not require Duo.

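An added example, not part of the thread and not OSC's code: a small Python model of how sshd evaluates the `Match Group duo Host *,!*.osc.edu` line above, showing which connections reach `ForceCommand /usr/sbin/login_duo`. The function names and sample hosts are constructed for illustration, and it assumes sshd sees the client's resolved hostname (`UseDNS yes`); when only an address is available, the `!*.osc.edu` exclusion has nothing to match against.

```python
import re

# Criteria copied from the sshd_config snippet in the post above.
MATCH_CRITERIA = {"Group": "duo", "Host": "*,!*.osc.edu"}


def _glob(pattern):
    # sshd patterns support only the '*' and '?' wildcards.
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern)
    return re.compile("".join(parts))


def match_pattern_list(value, pattern_list, lower=False):
    """Model of an sshd pattern list: comma-separated, '!' negates.

    A hit on a negated pattern rejects immediately; otherwise at least one
    positive pattern must match. A list of only negated patterns never matches.
    """
    if lower:  # hostnames are compared case-insensitively
        value, pattern_list = value.lower(), pattern_list.lower()
    matched = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if _glob(pat[1:] if negated else pat).fullmatch(value):
            if negated:
                return False
            matched = True
    return matched


def match_block_applies(user_groups, client_host):
    """True when every criterion on the Match line holds (they are ANDed),
    i.e. when the ForceCommand / PubkeyAuthentication overrides take effect."""
    in_group = any(match_pattern_list(g, MATCH_CRITERIA["Group"])
                   for g in user_groups)
    from_outside = match_pattern_list(client_host, MATCH_CRITERIA["Host"],
                                      lower=True)
    return in_group and from_outside


if __name__ == "__main__":
    # Constructed sample connections: (groups, host as seen by sshd)
    for groups, host in [(["users", "duo"], "host.example.net"),
                         (["users", "duo"], "login01.osc.edu"),
                         (["users"], "host.example.net"),
                         (["users", "duo"], "192.0.2.10")]:
        print(groups, host, "-> Duo forced:", match_block_applies(groups, host))
```

On a live server, `sshd -T -C user=<name>,host=<hostname>,addr=<ip>` prints the effective settings for a given connection and is the authoritative check.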