Duo Two-Factor Authentication

To better protect university resources, ACER utilizes Duo to implement Two-Factor authentication (2FA) for providing access to UIC’s HPC clusters.  2FA increases security as it requires two different methods to verify a user’s identity before granting access to the resources:

  1. Your UIC NetID and associated password, followed by
  2. 2FA Duo Tokens that can be accessed by either phone, text, or Duo Mobile App.

To set up your Duo 2FA authentication and learn more about the process, please visit UI verify page here. Duo App is available for both Apple and Android stores and is relatively easy to set up and use for authentication.

  1. Login using Duo
  2. Using File transfer clients with Duo

Login using Duo

Login on Extreme using Duo is fairly easy. Each user needs to follow these steps for every new user session to verify their identity:

  • Login using SSH on Extreme as shown –
$ ssh <netid>@login-1.extreme.acer.uic.edu
Password:
  • After entering the password correctly, you will be prompted by Duo with a similar screen depending on your configuration –

Note: Duo Push option is available if you have the Duo app installed on your phone
  • Based on the option selected, Duo will guide you through the authentication process.
  • Once you’re authenticated with Duo, our system will grant you access to the cluster.

Please contact consult@uic.edu if you experience any difficulties in setting up your Duo.

Using File Transfer Clients and Duo 2FA

Some file transfer clients try multiple concurrent or new connections to transfer files. A user might then have to authenticate multiple times using Duo. To avoid having to authenticate for each new connection, following application-specific steps can be used:

FileZilla

File->SiteManager
New Site
In host
-> (new site will be highlighted, change to your cluster name)
-> In the general tab on the right side, put:
Host: login-1.<cluster-name>.acer.uic.edu
Change protocol to SFTP
Set login type to Interactive
Set user to your netid
-> Go to transfer settings tab, make sure Transfer mode is Active
-> Check limit number of simultaneous connections
Make sure maximum connections is set to 1
Click ok
-> Go to Edit -> Settings
In Connections, set Timeout in seconds to 0 (disable)
Click ok

Now to connect,
file->sitemanager
select the site you created
click connect

 

Cyberduck

Once you have your second factor set up at https://verify.uillinois.edu,

  • Open cyberduck -> sftp and log in with your NetID and password.You will be prompted to use two-factor authentication.
  • After logging in with your NetID and password, you will be asked for provide a secondary password. In the Secondary Password field, type the appropriate option depending on your Duo preferences.1 : Duo push – Use this if you have the DUO app installed on your smartphone.

    2 : Phone call: Use this to receive a call on the phone number you registered Duo with

    3 : SMS Passcodes: Use this to receive s SMS on the phone number you registered Duo with

NOTE:
To transfer multiple files, make sure to select “browser session” in settings/preferences to avoid authenticating your second factor for every file transfer.

In case you haven’t downloaded the Duo app on your smartphone, ‘phone call’ and ‘SMS passcode’ will be your 1 and 2 options respectively.

SecureCRT and SecureFX
  • After creating a new session(For example for login-1.extreme.acer.uic.edu)you’ll be prompted to enter NetID and password.
  • A new dialog box appears with the 3 Duo options as in the image above. Please note that you’ll get 2 options if you don’t have the app installed on your smartphone.