Two-factor authentication is mandatory to gain shell access to our SSH server styx.lorentz.leidenuniv.nl unless you have set up a public/private key SSH authentication for your account. In this case, your access will continue to be passwordless.

If no public/private key authentication is set up for your account, you will have to complete the extra 2FA step to gain access to the system every SSH session. Should you want to set up public/private key SSH authentication for your account to avoid typing passwords, please see this concise guide.

Obtain the One-time Code (OTP) either by using an OTP app on your smart phone or by using an OTP program on your personal computer.

Please allow at least 30 minutes between your first 2FA set up and an SSH login session to our server. This time is needed to guarantee synchronization of users secret keys between our Identity Provider and the SSH server.

In the example below, user `gdhsa' initiates an SSH session to our SSH server. Because no public/private key authentication is available for this user, the system verifies first the user password and then the TOTP code. Should one of the two be incorrect, the login session will be unsuccessful.