Two-Factor Authentication via Yubikey
1. Prerequisite
This method requires the purchase of the hardware token YubiKey and installation of the YubiKey Manager on your local computer in order to initialize the YubiKey with a private key ("seed"). This so-called AES secret must be written to the device as well as registered in the SIM-MFA portal. Using this key, the YubiKey will be able to generate one-time passwords (OTPs) needed as a second factor to login to the Linux Cluster.
Use a single YubiKey for multiple purposes
As the YubiKey may have two slots, it can be used for two different purposes! If you already use such a YubiKey, you may not need to buy a new one. You only have to configure a free slot for 2FA access to LRZ systems.
2. Configure YubiKey
Installation of the Yubikey manager and configuration of the YubiKey via commandline (Ubuntu / Debian / other Linux OS / macOS)
Installation of the Yubikey manager GUI (Linux / Windows / macOS)
Configuration of the YubiKey via GUI (Linux / Windows / macOS)
3. Rollout YubiKey Token
4. Manage Tokens
Two-Factor Authentication: Token Management in SIM-MFA web portal