start:mogon_cluster:basic_authentication

This is an old revision of the document!

Basic Authentication

The authentication process on MOGON has changed significantly due to the security incident. Here you can find the instructions for the general procedure.

Quick Start

  1. Add your SSH-Keys to your ZDV Account.
  2. Prepare your Smartphone for 2FA.
  3. Contact HPC-Group
  4. PrivacyIdea process
  5. Login to MOGON

Add SSH-Key to MOGON

Browse to account.uni-mainz.de/sshkey with a browser of your choice. Use your ZDV credentials for login.

You will now have to submit an SSH-keys whose comment includes certain strings and formatting. In addition to your own comment, you must append the strings HPCGATE and HPCLOGIN, separated by comma. The first keyword (HPCGATE) ensures that you can tunnel through our jump host hpcgate, the other keyword (HPCLOGIN) allows you to access the MOGON login nodes. The keywords must be entered to the comment section of your SSH-Key with no special requirements.

To save an individual key, just copy it in the designated field click on SSH-Key speichern.

The Generic Format

of the SSH-Keys generated by ssh-keygen is:
<algorithm> <key> <comment>

No SSH-Key

In case you don't have a SSH-Key yet or having difficulty adding the comment, you can read more in this Article.
    Previous Next

    Prepare your Smartphone for 2FA

    Access to MOGON is now done via two-factor authentication through PrivacyIdea. The procedure with PrivacyIdea will be explained in detail later. At this point it is only relevant that you install a two-factor authentication app on your smartphone that has been approved by the HPC group.

    iOS

    Android

    We only support the apps mentioned above. Other apps may not be able to function properly, so you will not be able to log in to MOGON using the second factor. If you nevertheless decide to use another app, please make sure that sha-512 is supported. Please also note that in this case we can not provide support if you experience problems.

    Contact the HPC Group

    • Once you have set up your SSH-Keys and your 2FA app, please contact us via the ticket system1) and arrange a meeting with us.
    • We will contact you via Skype for Business which is available to all university members or we can arrange a video chat via BigBlueButton, if Skype for Business is not available for you.
    • The whole process should take no longer than 10 minutes, if your SSH-Keys are properly setup.
    Information about Skype for Business and BigBlueButton can be found on this Article from the ZDV.

    PrivacyIdea @MOGON

    Virtual Private Network

    is necessary to access https://privacyidea.zdv.uni-mainz.de. If you have not yet set up VPN on your PC, please follow these instruction from the ZDV
    1. Have your smartphone with 2FA app installed ready.
    2. Browse to PrivacyIdea and get ready for the login. Browser extensions, such as uBlock, uMatrix and NoScript, probably will prevent the website from functioning properly.
    3. This website is only accessible within the campus network. You can reach it from outside via VPN or with a remote desktop session. Please make sure you can open the page before proceeding.
    4. Establish contact with the HPC Group.
    5. For the login you need your username and the registration key. The registration key serves as a password for the login to PrivacyIdea and is handed to you by the HPC-Admin during the identity verification process.
    6. After successful login, click Token ausrollen in the menu on the left side.
    7. On the page Token ausrollen select TOTP: Zeitbasiertes Einmalpasswort as token. Do not change OTP-Länge and Zeitschritt. Fill in the field Beschreibung and click on Token ausrollen at the bottom of the page.
    8. Scan the QR-Code on your screen with the 2FA app of your choice on your smartphone and click on Neuen Token ausrollen afterwards. Do not share the QR-Code with anyone. Employees of the HPC group will never ask you for your QR-Code or other login credentials. Do not scan the QR-Code shown below!
    9. The newly created token is initially deactivated and must be activated by an HPC-Admin.
    10. Inform the HPC-Admin of the successful creation of the token, so that he can activate it. As soon as the token has been activated by the HPC-Admin, you can see the status at the Alle Token page.
    11. Done. You should be able to use the 2FA app of your choice to create new TOTPs as necessary for login to MOGON.
    1)
    send an E-Mail to hpc@uni-mainz.de (which will create a new ticket in our ticketing system)
    • start/mogon_cluster/basic_authentication.1595496156.txt.gz
    • Last modified: 2020/07/23 11:22
    • by jrutte02