Use Multifactor authentication with ssh identity file as first factor

9 vues (au cours des 30 derniers jours)
Lev-Arcady
Lev-Arcady le 7 Fév 2025
Commenté : Lev-Arcady le 8 Fév 2025
Hello,
I am trying to connect to a national computing cluster which requires 2-factor authentication; it accepts ssh key+code, where the code is generated on demand on a smartphone app. Following the documentation, when configuring my cluster profile, I tried to use "Multifactor" in the additional property field "AuthenticationMode" as well as setting the "IdentityFile" field. However, it seems that the Multifactor method always uses a password, which in my case fails with the message
Error Report: Job submission failed because the plugin function 'independentSubmitFcn.m' errored.
Caused by:
Error using parallel.cluster.RemoteClusterAccess.getConnectedAccessWithMirror (line 463)
Failed to connect to remote host 'narval.alliancecan.ca'.
Error using parallel.internal.remoteaccess.FileMirror
Invalid username or password for remote host narval.alliancecan.ca.
Error from library: Authentication failed (keyboard-interactive)
If I try to set the authentication mode to "IdentityFile", of course the authentication fails for lack of the second step, but it allows me to check that the identity file itself is accepted:
Error Report: Job submission failed because the plugin function 'independentSubmitFcn.m' errored.
Caused by:
Error using parallel.cluster.RemoteClusterAccess.getConnectedAccessWithMirror (line 463)
Failed to connect to remote host 'narval.alliancecan.ca'.
Error using parallel.internal.remoteaccess.FileMirror
The remote host 'narval.alliancecan.ca' does not accept the provided authentication methods.
Successful authentication steps: publickey
Next step requires one of: keyboard-interactive,hostbased
How could I set up the profile to use multifactor authentication with an identity file as the first factor? Even a temporary fix requiring me to modify the mentionned function parallel.cluster.RemoteClusterAccess.getConnectedAccessWithMirror or any other would be greatly appreciated!
  2 commentaires
Sam Marshalik
Sam Marshalik le 7 Fév 2025
Can you expand on what kind of multi-factor authentication you are using? What is the app and process?
From the doc:
  • 'Multifactor' – the client prompts you for input one or more times. For example, if two-factor authentication (2FA) is enabled on the client, the client requests your password and a response for the second authentication factor.
Assuming it is a typical MFA, you should get some sort of alphanumeric string from your MFA app to enter into MATLAB. Is your process different?
Lev-Arcady
Lev-Arcady le 8 Fév 2025
Hi Sam,
The MFA uses an Android app called "Duo mobile". Indeed it generates 6-digit codes. When I initiate the ssh connection from a terminal, I am prompted for a code, which I go generate on my smartphone then enter in the prompt.
(As an aside I also tried ssh's "Control Master" functionnality, hoping to deal with the MFA beforehand in a separate terminal connection and let subsequent SSH connections use multiplexing with the control master. This works for other ssh connections in the terminal, in the sense that they are able to connect without a MFA validation; it doesn't work from Matlab though, which still gets the message that the identity file was accepted but a second method is required).

Connectez-vous pour commenter.

Connectez-vous pour répondre à cette question.

Réponse acceptée

Raymond Norris
Raymond Norris le 7 Fév 2025
Hi @Lev-Arcady. I've worked with the Alliance in the past to get MATLAB Parallel Server configured on multiple clusters. Please contact me offline and I'll get this resolved for you.

Plus de réponses (0)

Catégories

En savoir plus sur MATLAB Parallel Server dans Help Center et File Exchange

Tags

Produits


Version

R2024b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by