ONID - Login to Shell Server with Duo

Issue/Question

  • How does Duo auth work with the ONID shell server?
  • How does Duo auth work with the Engineering unix servers?
  • How do I use Duo with the Linux/Unix shell servers?
  • Is Duo required for public key SSH authentication?

Environment

  • Oregon State University
  • Linux/Unix servers for ONID and College of Engineering
  • Duo

Explanation

Beginning March 26, 2019, Duo two-step login will be required for all Duo users on the following servers:

  • shell.onid.oregonstate.edu
  • access.engr.oregonstate.edu
  • flip.engr.oregonstate.edu
  • nome.eecs.oregonstate.edu

Linux Server Access Methods:

  1. Interactive Login: If you connect to COE or shell.onid servers with an SSH client, you will see an interactive login prompt where you can use Duo.
  2. Public Key Authentication: If you connect to COE or shell.onid servers from an application that doesn't do interactive login, you need to setup a public key instead.

Resolution

Interactive Login

If you are signed up for Duo, you will be prompted to Duo authenticate after you enter your username and password. 

If you have multiple Duo devices, you will be prompted to select from a list. You may enter either a Duo bypasscode, or select a number from the menu to receive a Duo push.

The Duo login on shell.onid.oregonstate.edu looks like this:

Password:
Duo two-factor login for username

Enter a passcode or select one of the following options:

  1. Duo Push to XXX-XXX-0123

Passcode or option (1-1):

In this example, press 1 to have a Duo push sent to your device.

After you have approved the Duo request on your device, you will see a success message:

Passcode or option (1-1): 1
Success. Logging you in...

Note: The SSH Duo login will not work with a security key (such as a Yubikey). As a work-around to this issue, you can generate a temporary code at: duo.oregonstate.edu

Public Key Authentication

If you authenticate to shell.onid.oregonstate.edu using SSH public keys (e.g. via a scripted process) Duo authentication is not required. SSH keys can be used for applications such as FileZilla, Cyberduck, Dreamweaver, etc. Steps to setup SSH keys can be found here: https://it.engineering.oregonstate.edu/ssh-keygen

NOTE: The above steps reference the Engineering server access.engr.oregonstate.edu. These can be replaced with shell.onid.oregonstate.edu or any of the other servers listed above.

 

Assistance

For assistance, contact the Service Desk.

Details

Article ID: 74269
Created
Thu 3/21/19 11:51 AM
Modified
Fri 2/9/24 11:53 AM

Related Articles (1)

ONID - Access Home Folder with SSH (Putty, Terminal)
How to connect via SSH to the ONID shell server.