One-time-pad (OTP) / Two-factor authentication
All login nodes on Betzy, Fram and Saga offer two-factor authentication on SSH.
To set up two-factor authentication for your user, follow these steps:
Go to www.metacenter.no, log in, using user login (passwords)
First click User Login (Passwords)
Select OTP / 2FA from the page or drop-down menu
Install Authenticator-app if you don’t have one.
Scan the QR-code with your Authenticator app.
Verify with code from your app and click “Submit.”
Wait for the resources to sync the new information.
Video guide
[Video] 2FA setup guide for the national e-infrastructure systems
FAQ
1. Do I have to use two-factor authentication every single time I log in or connect to Betzy, Fram or Saga
No, you don’t. Here’s how you can manage that:
On your Mac or linux desktop or laptop, create a text file ~/.ssh/config
with, for example, the following contents:
Host fram
User myusername
HostName login.fram.sigma2.no
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p
where myusername is replaced appropriately.
This sets things up so that whenever you ssh to the host nickname fram: ssh fram
It will look for the special file (a socket) in your ~/.ssh/
directory that is maintaining a connection to the cluster. If it already exists and is open, it’ll use it to create a connection without re-authenticating; if it doesn’t exist, it’ll authenticate and create the file for subsequent use.
Note that all subsequent connections are dependent on the initial connection — if you exit or kill the initial connection all other ones die, too. This can obviously be annoying if it happens accidentally. It’s easily avoided by setting up a master connection in the background:
ssh -CX -o ServerAliveInterval=30 -fN fram
The -fN make it go into the background and sit idle, after authenticating. (C for compression,Y for X forwarding, and -o ServerAliveInterval=30 to prevent dropped connections have nothing to do with the ControlMaster but are almost always helpful.)
Does this work for Windows too?
OpenSSH for Windows does currently not support the ControlMaster module, but there is a workaround for this.
By installing WSL and running an Ubuntu terminal you will be able to use SSH as if you were using a Linux computer. You can create the text file under ~/Ubuntu/home/user/.shh/config
and add the same contents as in the example above.
If you then attempt to ssh to the host nickname fram in this example by using ssh fram
in your Ubuntu terminal, it would then create the same socket under Ubuntu’s ssh directory as it would if you were to use a Mac/Linux computer.
You can run an Ubunutu terminal simply by writing the command ‘Ubuntu’ in your Windows terminal.