Skip to end of metadata
Go to start of metadata

Use of Duo two-factor authentication (https://www.duosecurity.com) is required for access to HCC clusters. Users will connect via SSH and enter their username/passwords as usual. One additional authentication step through Duo is then needed before the login is completed. This second authentication can be in several different forms (cell phone, YubiKey hardware token), and is user-selectable at each login. A brief description of each is provided below. See the Duo Authentication Methods page for more details.

Initial Setup

Most HCC account holders use the Duo Mobile application on their smartphone or purchase a YubiKey USB device.

Smartphone

  1. Install the free Duo Mobile application from the Google Play StoreApple App Store or Microsoft Store.
  2. Visit either HCC location (118 Schorr Center, UNL || 152 Peter Kiewit Institute, UNO) in-person anytime from 9am-5pm to enroll. Bring a valid photo ID such as your university ID card or drivers license.

Faculty/staff members with a verified NU telephone number can enroll by phone. If you would like an HCC staff member to call your NU telephone number to enroll, please email hcc-support@unl.edu with a time you will be available.

YubiKeys

YubiKey devices are currently a one-time cost of $22 from HCC, or can be purchased from Yubico and added in-person at either HCC location. Purchasing a YubiKey from HCC must be done via a University cost object transfer (HCC cannot accept cash or credit cards). Please bring the cost object number with you if possible. YubiKeys are available from the Union Bookstore at UNL for a one-time cost of $25 each.

Example login using Duo Push

This demonstrates an example login to Crane using the Duo Push method. Using another method (SMS, phone call, etc.) proceeds in the same way.  (Click on any image for a larger version.)

First, a user connects via SSH using their normal HCC username/password, exactly as before.

Account lockout

After 10 failed authentication attempts, the user's account is disabled. If this is the case, then the user needs to send an email to hcc-support@unl.edu including his/her username and the reason why multiple failed authentication attempts occurred.

After entering the password, instead of completing the login, the user will be presented with the Duo prompt. This gives the choice to use any authentication method that the particular account is setup to use. In this example, the choices are Duo Push notification, SMS message, or phone call. Choosing option 1 for Duo Push, a request to verify the login will be sent to the user's smartphone.

Simply tap Approve to verify the login.

If you receive a verification request you didn't initiate, deny the request and contact HCC immediately via email at hcc-support@unl.edu.

In the terminal, the login will now complete and the user will logged in as usual.

 

Duo Authentication Methods

Duo Push  [Watch the Duo Push Demo]


Photo credit:  Duo Security

For smartphone or tablet users (iPhone, Android, Blackberry, Windows Phone), the Duo Mobile app is available for free. A push notification will be sent to the device, and users can simply confirm the login with one tap.

Duo Mobile

 

Photo credit:  Duo Security 

The Duo Mobile app can also be used to generate numeric passcodes, even when cell service is unavailable. The passcode is then entered manually at the login prompt to complete authentication.

SMS Passcodes

For non-smartphone users, Duo can send passcodes via normal text messages which are entered manually to complete login. Please note since this is an SMS message it may not be free, depending on the details of the particular cell phone plan.

Phone Callback

For users with cell phones who prefer not to use any of the above methods and for those with landline phones, Duo will call the phone and provide a passcode via automatic voice message. The passcode is then entered manually to complete the login.

YubiKey [Yubico]


Photo credit:  Yubico

YubiKeys are USB hardware tokens that generate passcodes when pressed. They appear as a USB keyboard to the computer they are connected to, and so require no driver software with almost all modern operating systems. YubiKeys are available from the Union Bookstore at UNL for a one-time cost of $25 each. Users may also purchase them directly from Yubico if desired; this does require stopping by either HCC location in person to have the YubiKey added to the user's account. For your convenience, HCC often carries some YubiKeys as well; these may only be purchased via a Cost Object transfer.

  • No labels