
Basic Authentication

Prerequisites

Your ZDV Account must be assigned to an HPC project before you can complete the MOGON authentication.
You can check the affiliation to an HPC project on your ZDV account profile in the Andere Mitgliedschafte or Other memberships section.

Your project leader and other technical contacts may add your account to an HPC project.

The authentication process on MOGON is designed to ensure the best possible protection against malicious intent. Here you can find the instructions for the general procedure.

Quick Start

  1. Generate your SSH-Keys in Windows or Linux/macOS.
  2. Add your public SSH-Keys in OpenSSH Format to your ZDV Account.
    • HPCGATE and HPCLOGIN must be included in the comment.
  3. Prepare your Smartphone for 2FA by installing the freeOTP or PrivacyIDEA app.
  4. Contact the HPC-Group via hpc@uni-mainz.de with your ZDV Account.
  5. Complete the PrivacyIdea process with an HPC-Admin.
  6. Login to MOGON via SSH using our Jump Host.

Open account.uni-mainz.de/sshkey with a browser of your choice. Use your ZDV credentials for login.

You will now have to submit an SSH-Key whose comment includes certain strings and formatting. To save an individual key in your university account, just copy its public part (your_key_name.pub) into the designated field and click on SSH-Key speichern.

Don't have the SSH-Key?

Please follow our instructions for generating SSH-Keys using Windows or Linux/macOS.
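A pre-upload check for the key requirements above, as an added example that is not part of the original page or of the HPC group's tooling. It assumes that "included in the comment" means a plain, case-sensitive substring match; the function names and the sample key (32 zero bytes, not a real key) are constructed for illustration.

```python
import base64
import binascii
import struct

# Strings the page requires in the key comment.
REQUIRED_TAGS = ("HPCGATE", "HPCLOGIN")


def check_public_key(line):
    """Return a list of problems found in one OpenSSH public key line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        return ["not in OpenSSH one-line format: <type> <base64> <comment>"]
    key_type, blob_b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    problems = []
    try:
        blob = base64.b64decode(blob_b64, validate=True)
        # The blob starts with a length-prefixed copy of the key type.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode("ascii") != key_type:
            problems.append("key type does not match the encoded key data")
    except (binascii.Error, struct.error, UnicodeDecodeError):
        # Typical for PuTTY/SSH2-format exports pasted instead of OpenSSH.
        problems.append("key data is not a valid OpenSSH base64 blob")
    # Assumption: a case-sensitive substring match is what the page means.
    for tag in REQUIRED_TAGS:
        if tag not in comment:
            problems.append("comment is missing " + tag)
    return problems


def make_sample_line(comment):
    """Build a constructed ed25519 line (32 zero bytes, not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    for c in ("jdoe HPCGATE HPCLOGIN", "jdoe@laptop"):
        print(c, "->", check_public_key(make_sample_line(c)) or "ok")
```

Run it against the single line in your_key_name.pub before pasting; only the public part is ever read or uploaded.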

Access to MOGON uses two-factor authentication through an app on your smartphone. Please install one of the apps below, which are approved by the HPC group. Other apps may not function properly and we cannot provide support if you experience problems with any other app.

If you nevertheless decide to use another app, please make sure that sha-512 is supported. Please also note that even if this is the case we cannot provide support if you experience problems.

  • Once you have set up your SSH-Keys and freeOTP or PrivacyIDEA on your smartphone, please contact us via the ticket system using your ZDV account 1) and arrange a meeting with us.
  • We will contact you via BigBlueButton (description here).
  • The whole process should take no longer than 15 minutes if your SSH-Keys are properly set up.

Virtual Private Network

A VPN connection is necessary to access https://privacyidea.zdv.uni-mainz.de. If you have not yet set up VPN on your PC, please follow these instructions from the ZDV.
To access MOGON itself, though, you do not need VPN.

  1. Have your smartphone with freeOTP or PrivacyIDEA app installed ready.
  2. Browse to PrivacyIdea and get ready for the login. Browser extensions, such as uBlock, uMatrix and NoScript, probably will prevent the website from functioning properly.
  3. This website is only accessible within the campus network. You can reach it from outside via VPN or with a remote desktop session. Please make sure you can open the page before proceeding.
  4. Establish contact with the HPC Group.
  5. For the login you need your username and the one-time registration key. The one-time registration key serves as a password for the login to PrivacyIdea and is handed to you by the HPC-Admin during the identity verification process.
  6. After successful login, click Token ausrollen in the menu on the left side.
  7. On the page Token ausrollen select TOTP: Zeitbasiertes Einmalpasswort as token. Do not change OTP-Länge and Zeitschritt. Fill in the field Beschreibung and click on Token ausrollen at the bottom of the page.
  8. Scan the QR-Code on your screen with the 2FA app of your choice on your smartphone.
    Do not share the QR-Code with anyone. Employees of the HPC group will never ask you for your QR-Code or other login credentials.
    Do not scan the QR-Code shown below!
  9. The newly created token is initially deactivated and must be activated by an HPC-Admin.
  10. Inform the HPC-Admin of the successful creation of the token, so that he can activate it. As soon as the token has been activated by the HPC-Admin, you can see the status at the Alle Token page.
  11. Done. You should be able to use the 2FA app of your choice to create new TOTPs as necessary for login to MOGON.

The requirements for this are that your old smartphone is still functional and you are able to log in to MOGON with it, and that your new smartphone is already set up and functional.

  1. Start by browsing to the https://privacyidea.zdv.uni-mainz.de/ website (You need an active VPN).
  2. The credentials for the login are as follows:
    Username: ZDV-Account
    Password: Current 2FA Token (on the old smartphone).
    After successful login, you should see the token overview. Now click the serial number of the token you want to delete to access the token's detailed overview page. In this example the serial number is TOTP01234567.
  3. You can now delete the token permanently by clicking on the Delete|Löschen button.
  4. After you have deleted the token, you will be redirected to the overview, where the token should have disappeared. Now click on Enroll Token|Token ausrollen to enroll a new token.
  5. On the next page just fill in the field Description|Beschreibung and click on the Enroll new Token|Token ausrollen button at the bottom of the page.
  6. Now scan the displayed QR-Code on the next page with the 2FA app on your new smartphone.
  7. The newly created token is initially deactivated and must be activated by an HPC-Admin. Please contact the HPC-Group and ask for the token to be activated. Always specify the serial number of the token when contacting us for activation.

1)
Send an e-mail to hpc@uni-mainz.de (which will create a new ticket in our ticketing system).
  • Last modified: 2021/06/21 22:00
  • by jrutte02