Two-Factor Authentication is enabled on all Linux Cluster login nodes!
In view of increasing security risks, we are forced to strengthen the security measures. In order to improve the security of our HPC systems, we have changed the authentication procedure on all login nodes to two-factor authentication (2FA) as of July 11, 2023. For all users the Linux Cluster is only accessible with 2FA.
In order to use 2FA on the Linux Cluster, you need to configure it in advance! That procedure comprises two steps: Registration of the token(s) at LRZ SIM-MFA portal and configuration on your local device. A "token" is a piece of hardware or software that serves as a second factor in authentication. Tokens for 2-factor authentication must first be registered on the SIM-MFA web portal at LRZ before they can be used for authentication on a LRZ service. 2FA will not replace the conventional ssh method with password or public key. Rather, it will ask you for a second factor on top of the conventional login credentials. This documentation will guide you through these steps.
The introduction of two-factor authentication will have impact on the procedure of accessing the Linux Cluster. Automatic (data transfer) workflows between your local computer and the login node may no longer work! Please Contact Us and report issues.
3. Problems? Questions? Contact Us Here!
If you have any questions or problems regarding 2FA on Linux Cluster login nodes, we kindly ask you to...
- Check the FAQ section for possible solutions.
- Contact us via Servicedesk. After login to the Selfservice portal, just choose "Incident: I have login problems" from the drop-down list and continue.
4. Step-by-Step Instruction of 2FA Configuration
4.1. Recommended Procedure
4.2. Supported 2FA methods on the Linux Cluster
4.3. Configuration of 2FA Method
Regardless of the 2FA method chosen, you have to register/login in the SIM-MFA web portal in order to create and configure 2FA tokens! Click here to login to the SIM-MFA web portal.
Please login to the SIM-MFA portal with exactly the same user ID (account) that you will need to access the Linux Cluster, i. e. the user ID with Linux Cluster permission!
According to our policy, the use of a second device (e. g. your mobile device, a Yubikey or a TAN list) for provision of the second factor is mandatory!
Select one of the following methods to proceed with the configuration of the 2FA token of your choice in SIM-MFA portal as well as on your local device.
Please carefully read the instructions and recommendations!
5. Login to the Linux Cluster
Step 1: Login via SSH
You may use SSH password authentication or SSH public-key authentication. All login rules via Secure Shell on LRZ HPC Systems still apply.
Step 2: Apply second factor
Timing is important! Please do not enter an OTP which is no longer valid!
After logging in, you are in your HOME directory and can work on the Linux Cluster as usual.