Use Multifactor authentication with ssh identity file as first factor

조회 수: 10 (최근 30일)
Lev-Arcady
Lev-Arcady 2025년 2월 7일
댓글: Lev-Arcady 2025년 2월 8일
Hello,
I am trying to connect to a national computing cluster which requires 2-factor authentication; it accepts ssh key+code, where the code is generated on demand on a smartphone app. Following the documentation, when configuring my cluster profile, I tried to use "Multifactor" in the additional property field "AuthenticationMode" as well as setting the "IdentityFile" field. However, it seems that the Multifactor method always uses a password, which in my case fails with the message
Error Report: Job submission failed because the plugin function 'independentSubmitFcn.m' errored.
Caused by:
Error using parallel.cluster.RemoteClusterAccess.getConnectedAccessWithMirror (line 463)
Failed to connect to remote host 'narval.alliancecan.ca'.
Error using parallel.internal.remoteaccess.FileMirror
Invalid username or password for remote host narval.alliancecan.ca.
Error from library: Authentication failed (keyboard-interactive)
If I try to set the authentication mode to "IdentityFile", of course the authentication fails for lack of the second step, but it allows me to check that the identity file itself is accepted:
Error Report: Job submission failed because the plugin function 'independentSubmitFcn.m' errored.
Caused by:
Error using parallel.cluster.RemoteClusterAccess.getConnectedAccessWithMirror (line 463)
Failed to connect to remote host 'narval.alliancecan.ca'.
Error using parallel.internal.remoteaccess.FileMirror
The remote host 'narval.alliancecan.ca' does not accept the provided authentication methods.
Successful authentication steps: publickey
Next step requires one of: keyboard-interactive,hostbased
How could I set up the profile to use multifactor authentication with an identity file as the first factor? Even a temporary fix requiring me to modify the mentionned function parallel.cluster.RemoteClusterAccess.getConnectedAccessWithMirror or any other would be greatly appreciated!
  댓글 수: 2
Sam Marshalik
Sam Marshalik 2025년 2월 7일
Can you expand on what kind of multi-factor authentication you are using? What is the app and process?
From the doc:
  • 'Multifactor' – the client prompts you for input one or more times. For example, if two-factor authentication (2FA) is enabled on the client, the client requests your password and a response for the second authentication factor.
Assuming it is a typical MFA, you should get some sort of alphanumeric string from your MFA app to enter into MATLAB. Is your process different?
Lev-Arcady
Lev-Arcady 2025년 2월 8일
Hi Sam,
The MFA uses an Android app called "Duo mobile". Indeed it generates 6-digit codes. When I initiate the ssh connection from a terminal, I am prompted for a code, which I go generate on my smartphone then enter in the prompt.
(As an aside I also tried ssh's "Control Master" functionnality, hoping to deal with the MFA beforehand in a separate terminal connection and let subsequent SSH connections use multiplexing with the control master. This works for other ssh connections in the terminal, in the sense that they are able to connect without a MFA validation; it doesn't work from Matlab though, which still gets the message that the identity file was accepted but a second method is required).

댓글을 달려면 로그인하십시오.

이 질문에 답변하려면 로그인하십시오.

채택된 답변

Raymond Norris
Raymond Norris 2025년 2월 7일
Hi @Lev-Arcady. I've worked with the Alliance in the past to get MATLAB Parallel Server configured on multiple clusters. Please contact me offline and I'll get this resolved for you.

추가 답변 (0개)

카테고리

Help CenterFile Exchange에서 Install Products에 대해 자세히 알아보기

태그

제품


릴리스

R2024b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by