We know that easy access to data is essential, and that moving data around is a key part of every user’s workflow on Sherlock. We also know that two-factor authentication (2FA) can sometimes get in the way, and hinder the ability to get work done.
2FA is an important security measure and a definitive improvement over traditional authentication methods, that helps protect our data, identity and is becoming a part of our daily lives, even outside of Sherlock. But it doesn’t necessarily add the same protection value on Data Transfer Nodes (DTNs), which only allow file transfers and don’t offer interactive shells, than it does on login nodes.
Additional authentication steps are sometimes also causing compatibility problems with some file transfer programs, which don’t support them.
This is why we’re implementing changes, to make data transfers more seamless, easier, and more flexible.
Duo is not required on Sherlock DTNs anymore
Starting today, two-step authentication is not a requirement anymore to transfer files to/from Sherlock’s DTN.
Important Two-step authentication using Duo is still mandatory to connect to login nodes
You can now connect to
- interactively, using your SUNet ID and password,
- in a completely non-interactive way, using your Kerberos credentials (using GSSAPI)
An immediate benefit is that using SSHFS on Windows computers should be possible again.
We hope this will help in making your data more easily accessible on Sherlock, and make more options available in terms of data transfer programs.
As usual, don’t hesitate to get in touch at email@example.com if you have any question or suggestion.
Did you like this update?