If you don't read anything else, read this...
Policy mandates that 2FA is required whenever any person working from a remote location utilizes administrative credentials to access a server that is used to store or process confidential or Category I university data.
This page lists the acceptable options for remote administrative access to university servers which store or process Category I data. Certain options may work better in specific environments than others - consult your local IT support staff for any implementation questions or issues. If you need to use a 2FA option not on this list, please contact us at security@utexas.edu.
Remote access to workstations and non-server devices should be handled through the UT VPN service.
Service type | Operating Systems | 2FA option(s) | Notes |
---|---|---|---|
Secure Shell | Linux, Unix, Windows, OS X | Password protected public key, or Toopher (via PAM), or PAM OATH, or VPN group with IPTables rules |
|
Remote Desktop | Windows | Certificate-based auth, or Toopher, or VPN group with firewall rules | |
VNC | Linux, Unix | SSH tunnel with password-protected public key, or VPN group with firewall rules | |
Apple Remote Desktop | OS X | SSH tunnel with password-protected public key, or VPN group with firewall rules | |
TeamViewer | * | VPN group with firewall rules, or OATH compliant app (e.g., Google Authenticator, Toopher, Duo Security) |