[Hallb] Fw: Notes/Reminders for Users re: login.jlab.org changes- A message from Brad Sawatzky
Nathan Baltzell
baltzell at jlab.org
Tue Mar 19 10:55:12 EDT 2024
Dear Everyone,
See the email below regarding changes to ssh access to login.jlab.org.
-Nathan
________________________________________
From: Cuga <cuga-bounces at jlab.org> on behalf of Lorelei Carlson via Cuga <cuga at jlab.org>
Sent: Tuesday, March 19, 2024 10:48 AM
To: cuga at jlab.org
Subject: [Cuga] Notes/Reminders for Users re: login.jlab.org changes- A message from Brad Sawatzky
Details are also in the User Weekly here:
https://www.jlab.org/news/briefs/jlab-weekly-scientific-users-march-13-2024
----------------------------------------------------------------
MFA IMPLEMENTATION FOR INTERNET-FACING SERVICES - MARCH 19
To improve the lab’s cybersecurity posture, the CST Division will
require multifactor authentication (MFA) for Virtual Desktop
Infrastructure (VDI) and Secure Shell (SSH), login.jlab.org, beginning
Tuesday, March 19. This includes both the Windows and Linux VDI
environments. It has become increasingly clear that passwords alone
are not sufficient protection for sensitive information, and experts
recommend implementing MFA where available.
- NOTE: If you already have a 2-factor token to login to ifarm
nodes, then you can use the exact same process to connect to
login.jlab.org.
https://jlab.servicenowservices.com/scicomp/?id=kb_article_view&sysparm_article=KB0015066
In addition to new MFA authentication requirements, CST will
shut down non-anonymous file transfer protocol (FTP) access
through ftp.jlab.org. If you currently use anonymous FTP for your
work, please plan to move to OneDrive or SharePoint, as these options
are more secure.
• Windows VDI: The Windows VDI environment will require smartcard
MFA. If you do not have a smartcard and require access to these
systems, please email the Help Desk to have a smartcard
created for you. You can set up an appointment to receive the
smartcard, and remote staff and users can have the smartcard
mailed to them.
• Linux VDI: On Jan. 29, CST rolled out a new RHEL 9 environment
for VDI that will replace RHEL 7. The RHEL 9 environment requires
MFA, and RHEL 7 will require MFA beginning Tuesday, March 19.
Linux VDI and SSH through login.jlab.org will require enrollment
in our MobilePass system, which can use either token-based
authentication OR authentication via an authenticator app (for
example, Google or Microsoft). As RHEL 7 becomes end-of-life in
June, we will be disabling RHEL 7 VDI during the June maintenance.
For questions, contact the Help Desk <helpdesk at jlab.org>, x7155.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <https://mailman.jlab.org/pipermail/hallb/attachments/20240319/c9f7bc18/attachment.txt>
More information about the Hallb
mailing list