Home > Documentation > Slurm Job Submission

Two Factor Authentication

For security considerations, some HPC clusters require multi-factor authentication (MFA). Below are the steps to set up and use MFA to access these clusters.

Multi-factor Authentication with Your Smartphone

Step 1 (one-time): Install an authenticator on your smartphone.

We recommend Google Authenticator, but any Time-based One-Time Password (TOTP) authenticator (e.g. Microsoft Authenticator, Authy etc.) would do. You can search for these authenticators in the app store as you would do for any apps on your phone.

GoogleAuthenticator

Step 2 (one-time): Log in the cluster using your credentials.

Start this step by logging in a cluster with your favorite ssh client. Using LONI QB-4 cluster as an example, you should run: 

ssh your_username@qbd.loni.org

You will see a QR code along with some text, and a prompt for the one-time token:

QR code for 2FA

Step 3 (one-time): Open the authenticator app on your phone and scan the QR code:

Google Authenticator - Scan QR Code

Step 4 (one-time): Type the 6-digit one-time token at the prompt and press enter:

Google Authenticator - Token

Note: the token will expire in 30 seconds after being generated. If it expires, simply use the new token.

Now the setup is complete.

Step 5: Log out and log back in with your ssh client. You should see the token prompt after entering your password.

Step 6: Enter the token in your authenticator at the prompt as you did in Step 4.

If you log in successfully, no token will be required again for the next 12 hours if you log in from the same IP addresss. You do need to type your password everytime.

In the future, you only need to repeat Step 5 and 6 to log in.

QR code display on SSH terminals

The QR code is generated using ANSI sequences which should be displayed properly on most terminals. However, as far as we know, for Windows users using PuTTY, the QR code may not display properly with the default settings, making it unscannable using a phone.

2FA-Putty-Wrong-QR

To resolve this, adjust the "Columns" setting under the "Window" settings from 80 to 160.

2FA-Putty-Window-Setting

This should enable PuTTY to display the QR code properly.

Multi-factor Authentication with Your Computer

If you do not have a smart phone or the authenticators do not work on your phone, you can also choose to use desktop applications. KeepPassXCis an excellent choice, which also provides a browser extension and can be used as a password manager. If you need help setting it up, please contact us at sys-help@loni.org.