National Center for Supercomputing ApplicationsUniversity of Illinois at Urbana–Champaign

Two-factor Authentication TutorialFor NCSA Private Sector Program

Outline

• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed

• Activating your soft token• Using your soft token

• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)

Installing your app

• Download free RSA SecurID app to your phone• iPhone, Android, Windows or Blackberry app stores all have it

• Note your Binding ID in the settings for next step

iOS app example

Request a token

• Go to the pagehttps://internal.ncsa.illinois.edu/mis/rsa/index.php?page=new&• Login with your NCSA

password• Enter your Binding ID & email

address on the page• Wait for email (1 business day

max)

Download & Install your token seed

• Receive email from NCSA on your phone

• Open the link to activate token

• RSA app should open and import the token

Outline

• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed

• Activating your soft token• Using your soft token

• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)

Activating your token

• Go to https://otp.ncsa.illinois.edu• Enter your user ID (NCSA username)

Activating your token

• Enter your rolling passcode & set your PIN

Activating your token

• Set your self-service questions

Outline

• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed

• Activating your soft token• Using your soft token

• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)

Logging into iForge

• SSH to iforgehn1.ncsa.illinois.edu• Enter your newly set PIN followed by current passcode• (Optional) Multiple logins for OpenSSH Mac/Linux clients

• OpenSSH supports multiple shells, one login• Add the following to your ~/.ssh/ssh_config

ControlMaster autoControlPath ~/.ssh/control:%h:%p:%r

New for GlobusOnline Users

• You are redirected to an NCSA portal• Enter your username & PIN followed by the current code

New for GlobusOnline Users

• Select the #NCSA:iforge endpoint in GlobusOnline

Outline

• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed

• Activating your soft token• Using your soft token

• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)

(Advanced) Single Sign-on with GSISSH

• Requires installing the GSISSH & MyProxy on your desktop• Supported well on Mac & Linux

• Works by using certificates that last up to 10 days• Use ‘gsissh’ command, not ‘ssh’

Installing GSISSH & MyProxy

• From a Mac or Linux computer• Download the latest Globus Toolkit from

http://www.globus.org/toolkit/downloads/• Unpack the download

• tar xzf gt6*-installer.tar.gz

• Install MyProxy & GSISSH

$ cd gt5*-installer$ ./configure --prefix=$HOME/globus$ make gsi-myproxy gsi-openssh$ make install

Update Shell Environment

• For BASH, add to the ~/.bashrc file

• For C Shell, add to the ~/.cshrc file

$ GLOBUS_LOCATION=$HOME/globus$ export GLOBUS_LOCATION$ . $GLOBUS_LOCATION/etc/globus-user-env.sh

$ setenv GLOBUS_LOCATION $HOME/globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh

Obtaining your MyProxy certificate

• For regular 12 hour certificate• myproxy-logon -T -l username –s tfca.ncsa.illinois.edu

• For regular longer-lived certificate (up to 264 hours)• myproxy-logon -T -l username –s tfca.ncsa.illinois.edu –t 264

Login via GSISSH

• You can simply run• gsissh iforge.ncsa.illinois.edu

• You can also copy files$ gsiscp ~/filename iforge.ncsa.illinois.edu:~/filename$ gsiscp iforge.ncsa.illinois.edu:~/filename ~/filename$ gsisftp iforge.ncsa.illinois.edu