Two-factor authentication on servers

info

2FA is currently optional, but strongly encouraged. It will later be made mandatory on all servers managed by Puppet.

On servers managed by Puppet 2FA can be enabled. We use Duo Security for this.

Account set-up

To set up Duo 2FA for your user send an email to hjelp@sikt.no with the following information:

Username
Full name
Email
Phone number
Platform

Platform is either Android or iPhone. If you don't wish to use an app on a smart phone it is possible to set up Duo with a Yubikey instead.

Duo app

Duo Push requires that you have installed the app. You will get an install app sms and an activation sms when your Duo account is created that can be used to install the app and get it configured.

On a server with 2FA enabled you should get a login similar to this:

$ ssh myserver.sikt.no
Duo two-factor login for <your username>

Enter a passcode or select one of the following options:

 1. Duo Push to +XX XXX XX <Last three digits of your phone number>
 2. SMS passcodes to +XX XXX XX <Last three digits of your phone number>

Passcode or option (1-2):

Account set-up​

Duo app​

Expected login experience​

Account set-up

Duo app

Expected login experience