Versions Compared

Old Version 34

changes.mady.by.user Neil B. Coplan

Saved on

compared with

New Version 35

changes.mady.by.user Neil B. Coplan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Table of Contents


Basic information

When will O2 require two factor authentication?

...

You'll need to register your device (mobile phone is recommended) with Duo for HMS to be able to authenticate using security codes. You can receive these security codes through a phone call, a text message, or through the Duo mobile app. If you already use Duo for the HMS VPN, then no action is needed. However, if you only use Duo with Harvard Key (not HMS), then you will need to set up a separate HMS Duo profile. First, connect via ssh to o2.hms.harvard.edu like you normally would, and you will receive a unique web address to register for HMS Duo:

...

You can connect to https://secure.med.harvard.edu and authenticate with your regular credentials. When prompted for the two factor authentication step you will also be presented (on the left side of the screen) with option to add a new device or modify existing settings. For detailed directions, visit here (https://harvardmed.service-now.com/kb_view_customer.do?sysparm_article=KB0010832).Image Removed

...

I'm getting the error "Your account has been locked out due to excessive authentication failures." What do I do?

...

In order to reduce the number of times you need to authenticate via Duo, you can enable the keep-alive option in your SFTP/SCP application. In FileZilla, this is located under Settings > Connection > FTP. Click the  "Send FTP keep-alive commands" checkbox to enable sending keep-alive commands to retain your Filezilla connection for longer periods of time (and prevent needing to authenticate with Duo for your next transfer):Image Removed

...

The equivalent option for enabling keep-alive commands in WinSCP is under the Advanced Site Settings menu, under Connection:Image Removed

...

Transmit requires modification of several settings to reduce the number authentication requests via Duo. Under Preferences > Advanced, select "Try to keep idle connections alive", as well as Preferences > Advanced > Advanced Server Settings > select "Tickle server during long transfers". You can also increase the number of seconds specified in "Connect Timeout" under Advanced Server Settings.Image RemovedImage Removed

...

Additionally, Transmit takes advantage of Mac's App Nap, which can extend your battery life by putting inactive applications into a suspended state where they aren't able to use system resources. If App Nap is enabled for Transmit and the application is put into the background, you will get a Duo two-factor authentication request once you move Transmit to the foreground and try to transfer files to or from O2. You can prevent Transmit from using App Nap by running in your local terminal:

...