Two-factor authentication is becoming a security standard for large organizations. Many of you are already accustomed to using Duo to authenticate when using Box, WebEx or OSU Google GSuite apps.
In order to help ensure a more secure network, two-factor authentication is now required for logging into OSU Engineering servers for terminal or SFTP access.
This can cause problems for those not using an interactive terminal session, as there is an additional prompt that requires a response and the connection fails silently.
We can bypass the need for DUO authentication by setting up SSH Keys for our applications that use SFTP
For this you will need:
Save it to a location you will be able to easily find it and name it id_rsa.pub
Ignore the warning about the passcode. Save it to the same location as before and name it id_rsa.ppk
access.engr.oregonstate.edu
and enter your password when prompted1
and press enter. This will send a request to your Duo Mobile app which you will need to acceptaccess.engr.oregonstate.edu
.ssh
does not exist, execute the command mkdir .ssh
followed by chmod 700 .ssh
~/.ssh/authorized_keys
which should be an empty file. If it does not exist, create itaccess.engr.oregonstate.edu
paste the copied public key and save the changeschmod 600 ~/.ssh/authorized_keys
your_username@access.engr.oregonstate.edu
flip
and click SaveSFTP
for the Protocol and enter the Host as access.engr.oregonstate.edu
Key file
, enter your username for User, and then browse to the location of your `id_rsa.ppk' file./Applications/Utilities/Terminal.app
)
ssh-keygen -t rsa
enter
. Then hit enter
two more times to skip creating a passcodessh-copy-id -i ~/.ssh/id_rsa.pub
your_username@access.engr.oregonstate.edu
. This will publish your public key to the engineering servers.1
to send a push to your Mobile Duo appssh access.engr.oregonstate.edu
at the terminal command line prompt. If successful, you will connect without having to enter a password or do two-factor authentication!Dreamweaver does not like the the SSH Key format generated by the latest version of OpenSSH and the ssh-keygen untility. If you are running a recent version of macOS, including Mojave. You will need to "downgrade" your id_rsa
file using the folloing command in the Terminal app:
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
Now continue to set up Dreamweaver:
Configure as seen below, navigating to the ssh key file at /Users/[yourUserName]/.ssh/id_rsa
([yourUserName]
is YOUR mac login name)
Given the large amounts of different Linux distributions there is no one guide that will work for all. You can use Steps 1-10 of the macOS Guide to generate your keys and publish them to Flip. From that point on you will need to use your FTP client of your choice.
login as:
" prompt. 700
(drwx------
) and the .ssh/authorized_keys file permission is 600 (-rw-------
)