Featured image for Easier connection to Sherlock's DTNs

We know that easy access to data is essential, and that moving data around is a key part of every user’s workflow on Sherlock. We also know that two-factor authentication (2FA) can sometimes get in the way, and hinder the ability to get work done.

2FA is an important security measure and a definitive improvement over traditional authentication methods, that helps protect our data, identity and is becoming a part of our daily lives, even outside of Sherlock. But it doesn’t necessarily add the same protection value on Data Transfer Nodes (DTNs), which only allow file transfers and don’t offer interactive shells, than it does on login nodes.

Additional authentication steps are sometimes also causing compatibility problems with some file transfer programs, which don’t support them.

This is why we’re implementing changes, to make data transfers more seamless, easier, and more flexible.

Duo is not required on Sherlock DTNs anymore

Starting today, two-step authentication is not a requirement anymore to transfer files to/from Sherlock’s DTN.

Important Two-step authentication using Duo is still mandatory to connect to login nodes

You can now connect to dtn.sherlock.stanford.edu either:

  • interactively, using your SUNet ID and password,
  • in a completely non-interactive way, using your Kerberos credentials (using GSSAPI)

An immediate benefit is that using SSHFS on Windows computers should be possible again.

We hope this will help in making your data more easily accessible on Sherlock, and make more options available in terms of data transfer programs.

As usual, don’t hesitate to get in touch at srcc-support@stanford.edu if you have any question or suggestion.