Alliance Doc

Multifactor authentication: Difference between revisions

Page Discussion

Multifactor authentication (view source)

Revision as of 20:10, 27 February 2023

8 bytes removed ,  1 year ago
→‎Using a YubiKey hardware key
No edit summary
Line 14: Line 14:
YubiKeys support multiple authentication protocols which are commonly used for web authentication, such as WebAuthn, FIDO2, U2F. However, the one protocol which works with SSH connections used on our clusters is called Yubico One Time Password (OTP). When using Yubico OTP, pressing the button on the key will write a long string of characters looking like <tt>vvcccbhbndkglanfhevnricjdvftcfugdtjeflgrhenr</tt>, which will act as your second factor.  
YubiKeys support multiple authentication protocols which are commonly used for web authentication, such as WebAuthn, FIDO2, U2F. However, the one protocol which works with SSH connections used on our clusters is called Yubico One Time Password (OTP). When using Yubico OTP, pressing the button on the key will write a long string of characters looking like <tt>vvcccbhbndkglanfhevnricjdvftcfugdtjeflgrhenr</tt>, which will act as your second factor.  


Yubico OTP itself has two modes which it can use. In Yubico Cloud mode, authentication requests are forwarded to Yubico's cloud, in which your key is already pre-registered when you purchase it. This mode is not supported by Duo, which instead supports Yubikey AES OTP. For this mode, you need to have the Public ID, the Private ID, and the Secret Key for your key. If you already have this information, you can use your existing information to register your Yubico OTP on your [https://ccdb.computecanada.ca/multi_factor_authentications MFA account page]. If you do not have this information, you need to configure your key using the steps below.  
Yubico OTP itself has two modes which it can use. In Yubico Cloud mode, authentication requests are forwarded to Yubico's cloud, in which your key is already pre-registered when you purchase it. This mode is not supported by Duo, which instead supports Yubikey OTP. For this mode, you need to have the Public ID, the Private ID, and the Secret Key for your key. If you already have this information, you can use your existing information to register your Yubico OTP on your [https://ccdb.computecanada.ca/multi_factor_authentications MFA account page]. If you do not have this information, you need to configure your key using the steps below.  


=== Configuring your YubiKey for Yubikey AES OTP ===
=== Configuring your YubiKey for Yubikey OTP ===
To configure your Yubikey, follow the instructions below:  
To configure your Yubikey, follow the instructions below:  


Mboisson
Bureaucrats, cc_docs_admin, cc_staff, rsnt_translations
2,837

edits

Retrieved from "https://docs.alliancecan.ca/wiki/Special:MobileDiff/130366"