This is an old revision of the document!
Basic Authentication
Prerequisites
Your ZDV Account must be assigned to an HPC project, before you can complete the MOGON authentication.
You can check the affiliation to an HPC project on your ZDV account profil in the Andere Mitgliedschafte
resp. Other memberships
section.
Your project leader and other technical contacts may, add your account to an HPC project.
The authentication process on MOGON is to ensure best possible protections again malicious intend. Here you can find the instructions for the general procedure.
Quick Start
- Generate your SSH-Keys inor .
- Add your public SSH-Keys in OpenSSH Format to your ZDV Account.
HPCGATE
andHPCLOGIN
must be included in the comment.
- Prepare your Smartphone for 2FA by installing the freeOTP or PrivacyIDEA app.
- Contact the HPC-Group via hpc@uni-mainz.de with your ZDV Account
- Complete the PrivacyIdea process with an HPC-Admin
- Login to MOGON via SSH using our Jump Host
Add SSH-Key to MOGON
You will now have to submit an SSH-Key whose comment includes certain strings and formatting. To save an individual key in your university account, just copy its public part (your_key_name.pub
) in the designated field click on SSH-Key speichern
.
Generate SSH-Keys for MOGON
Please follow our instructions for generating SSH-Keys using or .Generating the SSH-Key in advanced way
The SSH-Keys generated byssh-keygen
have the following form: <algorithm> <key> <comment>
If you want to generate the key in a way that is different from our guide, please notice that you must append the strings
HPCGATE
and HPCLOGIN
, separated by comma as a comment to the key (you may also add your own optional comment). The first keyword (HPCGATE
) ensures that you can tunnel through our jump host hpcgate
, the other keyword (HPCLOGIN
) allows you to access the MOGON login nodes.
The keywords must be entered to the comment section of your SSH-Key.
PuTTYgen/MobaKeyGen
If you have generated your SSH-Keys withPuTTYgen
or MobaKeyGen
, please note this Article before you upload our SSH-Keys!
Prepare your Smartphone for 2FA
Access to MOGON is now done via two-factor authentication through PrivacyIdea. The procedure with PrivacyIdea will be explained in detail later. At this point it is only relevant that you install a two-factor authentication app on your smartphone that has been approved by the HPC group.
sha-512
is supported. Please also note that in this case we can not provide support if you experience problems. Contact the HPC Group
- Once you have set up your SSH-Keys and freeOTP or PrivacyIDEA on your smartphone, please contact us via the ticket system using your ZDV account 1) and arrange a meeting with us.
- We will contact you via Skype for Business which is available to all university members or we can arrange a video chat via BigBlueButton, if Skype for Business is not available for you.
- The whole process should take no longer than 10 minutes, if your SSH-Keys are properly setup.
PrivacyIdea @MOGON
Virtual Private Network
is necessary to access https://privacyidea.zdv.uni-mainz.de. If you have not yet set up VPN on your PC, please follow these instruction from the ZDV- Have your smartphone with freeOTP or PrivacyIDEA app installed ready.
- Browse to PrivacyIdea and get ready for the login. Browser extensions, such as uBlock, uMatrix and NoScript, probably will prevent the website from functioning properly.
- This website is only accessible within the campus network. You can reach it from outside via VPN or with a remote desktop session. Please make sure you can open the page before proceeding.
- Establish contact with the HPC Group.
- For the login you need your
username
and theregistration key
. Theregistration key
serves as a password for the login to PrivacyIdea and is handed to you by the HPC-Admin during the identity verification process.
- After successful login, click
Token ausrollen
in the menu on the left side. - On the page
Token ausrollen
selectTOTP: Zeitbasiertes Einmalpasswort
as token. Do not changeOTP-Länge
andZeitschritt
. Fill in the fieldBeschreibung
and click onToken ausrollen
at the bottom of the page.
- Scan the QR-Code on your screen with the 2FA app of your choice on your smartphone.
Do not share the QR-Code with anyone. Employees of the HPC group will never ask you for your QR-Code or other login credentials.
Do not scan the QR-Code shown below!
- The newly created token is initially deactivated and must be activated by an HPC-Admin.
- Inform the HPC-Admin of the successful creation of the token, so that he can activate it. As soon as the token has been activated by the HPC-Admin, you can see the status at the
Alle Token
page. - Done. You should be able to use the 2FA app of your choice to create new TOTPs as necessary for login to MOGON.