How to Establish SSH/SFTP Connections to College of Education Servers From an Off-Campus Location
- James Cutrone
Two-Factor Authentication Required For Off-Campus Computers
If you attempting to connect to a College of Education server from an off-campus location and you receive a prompt to enter a One-Time-Password (OTP), this means you need to first connect to the UT VPN service before attempting the SSH/SFTP connection. If you first connect to the UT VPN service and then attempt the SSH/SFTP connection, you will not receive the prompt to enter a One-Time-Password (OTP).
If you are a 3rd party contractor who isn't currently authorized to access the UT VPN Service, you'll need to connect to servers by providing a One-Time-Password (OTP). Your server user account will need to be configured to utilize OTPs. Contact the College of Education technical support group to initiate this process. Once your server user account has been configured for OTP support, you can following the instructions below.
How to Establish an SSH/SFTP Connection Using a One-Time-Password (OTP)
OTP Support Has to Be Enabled For Your User Account
One-Time-Password (OTP) support is not enabled for user accounts by default. Contact the College of Education technical support group to enable this feature on your server user account. OTPs are only enabled for users that are not able to use the UT VPN service.
Overview
You will need to use an SSH/SFTP client that supports OTPs. Filezilla, Bitvise, and Fetch are SFTP clients that support OTPs. The connection process will work like a usual SSH/SFTP connection with the exception that you will be prompted to enter a OTP after you enter your normal server username and password. You'll need to generate a OTP using Google Authenticator or another compatible OTP app. Instructions for setting up the OTP app are below.
Step 1 - Setup Your OTP App
When the College of Education technical support group enables OTP support on your server user account, they will provide you with a OTP key to enter into your OTP app. Known compatible OTP apps you can use are Google Authenticator and Duo Mobile. After you install the OTP app, add into it the OTP key you were provided by technical support.
Step 2 - Connect to the Server With a OTP Compatible SSH/SFTP Client
Any OTP compatible SSH/SFTP client will work. The following instructions show how to connect with Filezilla.
1. Create a new "site" for the server you want to connect to if you don't already have one. You have to use a properly configured site to connect to the server since the "Quick Connect" function of Filezilla does not support OTPs. To create a new site, select the top menu bar option File | Site Manager... In the window that appears, press the button to create a new site.
2. Configure your site like the screenshot below. The most important setting is the "Logon Type" setting of "Interactive". Customize the settings for the server you are connecting to as appropriate.
3. Connect to the server by opening up the site you created and pressing its "Connect" button.
4. You will then be prompted for your server user account password and OTP. Use your OTP app to generate the needed OTP.
5. If all your credentials are correct, your login to the server will successfully complete. If you get an invalid password error and you are certain you entered the correct username and password, wait until your OTP app automatically generates another OTP and then try logging in with that new OTP.