====== Shell Access To 2FA-protected IL SSH Server ====== Two-factor authentication is mandatory to gain shell access to our SSH server styx.lorentz.leidenuniv.nl __unless__ you have set up a public/private key SSH authentication for your account. In this case, your access will continue to be //passwordless//. If no public/private key authentication is set up for your account, you will have to complete the extra 2FA step to gain access to the system every SSH session. Should you want to set up public/private key SSH authentication for your account to avoid typing passwords, please see this concise [[https://www.ssh.com/ssh/keygen/|guide]]. Obtain the One-time Code (OTP) either by using an [[institute_lorentz:2fa-smartphone|OTP app on your smart phone]] or by using an [[institute_lorentz:2fa-pc|OTP program on your personal computer]]. |:!: Please allow at least 30 minutes between your first 2FA set up and an SSH login session to our server. This time is needed to guarantee synchronization of users secret keys between our Identity Provider and the SSH server.| In the example below, user `gdhsa' initiates an SSH session to our SSH server. Because no public/private key authentication is available for this user, the system verifies first the user password and then the TOTP code. Should one of the two be incorrect, the login session will be unsuccessful. {{ :institute_lorentz:ssh2fa_mod.png?direct&600 |}}