Conversation
extra clarification
jooghe
left a comment
jooghe
left a comment
There was a problem hiding this comment.
Just to make sure that the users sees that MFA is also enforced when they are not using a private key.
source/access/mfa_login.rst
Outdated
|
|
||
| - A valid private key | ||
| - A valid private key (except when connecting via :ref:`Open OnDemand portal<ood_t2_leuven>`) | ||
| - Access to a VSC-associated university/institution account |
There was a problem hiding this comment.
- Access to a VSC-associated university/institution account, with MFA authentication
There was a problem hiding this comment.
I even think nobody needs a private key anymore, the MFA is entirely within the institution authentication.
There was a problem hiding this comment.
The only scenario (that I know) where users require keys are NX/FileZilla/WinSCP users, which makes having ssh keys optional for new users.
Is this PR good to go? Or you still propose a change?
There was a problem hiding this comment.
The only scenario (that I know) where users require keys are NX/FileZilla/WinSCP users, which makes having ssh keys optional for new users.
Is this PR good to go? Or you still propose a change?
Can you try to log in using for instance NX, without a key? For me that seems to work, I get a certificate without ever needing my key and that certificate suffices to connect with NX. This makes me think that the private SSH key is never used when connecting. Unless I am wrong about that (and maybe it is good to check with Peter), I would propose to remove the line A valid private key (except...) completely.
There was a problem hiding this comment.
I think we do indeed need to list the cases when you still need a key. And I think it's best to make the distinction between the KU Leuven Tier-2 and the other VSC infrastructure.
Login in to Hortense with a terminal, you will need a key. However if you use the web interface I'm not sure if you need the key.
There was a problem hiding this comment.
The only scenario (that I know) where users require keys are NX/FileZilla/WinSCP users, which makes having ssh keys optional for new users.
Is this PR good to go? Or you still propose a change?Can you try to log in using for instance NX, without a key? For me that seems to work, I get a certificate without ever needing my key and that certificate suffices to connect with NX. This makes me think that the private SSH key is never used when connecting. Unless I am wrong about that (and maybe it is good to check with Peter), I would propose to remove the line
A valid private key (except...)completely.
I can always login to NX with my certificate. but, I think with e.g. FileZilla, you'd always need a key. If we ditch FileZilla/WinSCP in favor of globus, then of course, we do not require keys at all.
|
Due to the changes in #452, this file has moved to |
5 participants
Users of OnDemand do not require SSH key to login. This needed to be made clear in the docs.