Dear Grex/HPC User,
The Digital Research Alliance of Canada, and our UManitoba HPC system, Grex, are proceeding with the ongoing implementation of a multifactor authentication (MFA) system. MFA adds an additional layer of security to the traditional password-based (or SSH keys based) authentication by requiring a second factor, known as "something you have." Grex is using the Cisco Duo instance from the Alliance as the second factor authentication. We have successfully completed the first phase of MFA testing for staff and early adopter users.
As of now, every Alliance and Grex user has an option to register a device in CCDB. As our next stage in MFA adoption, we are going to temporarily enforce the use of MFA for all GREX users between Dec 04 and 11, 2023 . All authentication attempts to Grex during this week will require the second factor. We would like to make MFA mandatory for all GREX users in January 2024.
Note that the second factors used by the Alliance are not entirely the same as those used by the University of Manitoba for platforms such as UM Intranet and Exchange. On Grex and Alliance systems, the following factors are enabled:
● Duo smartphone app (Android and iOS)
● Yubico Yubikey cybersecurity USB key device
● 10 one-time codes (recommended as a backup 2FA in addition to the primary device)
Enrollment into the Alliance Duo is through CCDB: https://ccdb.alliancecan.cahttps://ccdb.alliancecan.ca/ . A successful Enrollment enables the MFA requirement on every SSH login on both Grex and Alliance systems like Cedar, Graham, Narval or Niagara. The following Grex Documentation page explains the process of the device enrollment with screenshots: https://um-grex.github.io/grex-docs/connecting/mfa/
Our staff will be available for support in case you have a difficulty to enroll or use MFA.. If you have any questions, please let us know (by an email to support@tech.alliancecan.camailto:support@tech.alliancecan.ca , mentioning “Grex” in the subject line). Thank you for your patience and thank you for your attention to this message!
-- Your Grex HPC team.