Update 2025-05-20

This has been activated around 11 ‘o clock.

On May the 20th we have enabled mandatory multifactor authentication for the following services:

  • DIY web site.
  • Roundcube, for reading mail.
  • SSH from the internet to public servers, like the lilos.

Below you can read how you can log in for each service.

DIY

Enter your Science login name, your password and the TOTP code from your authenticator app.

If you have configured a Yubi key with us, you can also use the Yubi key’s OTP.

Roundcube

For Roundcube the procedure is the same as for DIY.

SSH

For SSH the are 3 different scenarios:

  1. Logging in with password authentication:

    • Type your password,
    • After the prompt: Enter 2FA token: ,
    • Enter the TOTP token from your authenticator app or your Yubi key’s OTP.

  2. Logging in with public key authentication. This requires you have configured a SSH key in DIY or via us:

    • After the prompt: Enter 2FA token: ,
    • Enter the TOTP token from your authenticator app or your Yubi key’s OTP.

  3. Logging in with a Security Key stored on a (FIDO2 compatible) Yubi key (or similar). This requires you have configured that SSH key in DIY or via us:

    • There is no prompt (limitation in sshd),
    • Touch the inserted Yubi key.

    If this fails you’ll get a sign_and_send_pubkey: signing failed for ED25519-SK "user@host from agent: agent refused operation and sshd will fall back to password authentication (the first item in this list).

Setup 2FA

If you have not yet set up 2FA, please look at these instructions