[Hallb] Fw: Notes/Reminders for Users re: login.jlab.org changes- A message from Brad Sawatzky

Nathan Baltzell baltzell at jlab.org
Tue Mar 19 10:55:12 EDT 2024


Dear Everyone,

See the email below regarding changes to ssh access to login.jlab.org.

-Nathan

________________________________________
From: Cuga <cuga-bounces at jlab.org> on behalf of Lorelei Carlson via Cuga <cuga at jlab.org>
Sent: Tuesday, March 19, 2024 10:48 AM
To: cuga at jlab.org
Subject: [Cuga] Notes/Reminders for Users re: login.jlab.org changes- A message from Brad Sawatzky

Details are also in the User Weekly here:
https://www.jlab.org/news/briefs/jlab-weekly-scientific-users-march-13-2024

----------------------------------------------------------------
MFA IMPLEMENTATION FOR INTERNET-FACING SERVICES - MARCH 19

To improve the lab’s cybersecurity posture, the CST Division will
require multifactor authentication (MFA) for Virtual Desktop
Infrastructure (VDI) and Secure Shell (SSH), login.jlab.org, beginning
Tuesday, March 19. This includes both the Windows and Linux VDI
environments. It has become increasingly clear that passwords alone
are not sufficient protection for sensitive information, and experts
recommend implementing MFA where available.

- NOTE: If you already have a 2-factor token to login to ifarm
  nodes, then you can use the exact same process to connect to
  login.jlab.org.
  https://jlab.servicenowservices.com/scicomp/?id=kb_article_view&sysparm_article=KB0015066

In addition to new MFA authentication requirements, CST will
shut down non-anonymous file transfer protocol (FTP) access
through ftp.jlab.org. If you currently use anonymous FTP for your
work, please plan to move to OneDrive or SharePoint, as these options
are more secure.

  • Windows VDI: The Windows VDI environment will require smartcard
    MFA. If you do not have a smartcard and require access to these
    systems, please email the Help Desk to have a smartcard
    created for you. You can set up an appointment to receive the
    smartcard, and remote staff and users can have the smartcard
    mailed to them.

  • Linux VDI: On Jan. 29, CST rolled out a new RHEL 9 environment
    for VDI that will replace RHEL 7. The RHEL 9 environment requires
    MFA, and RHEL 7 will require MFA beginning Tuesday, March 19.
    Linux VDI and SSH through login.jlab.org will require enrollment
    in our MobilePass system, which can use either token-based
    authentication OR authentication via an authenticator app (for
    example, Google or Microsoft).  As RHEL 7 becomes end-of-life in
    June, we will be disabling RHEL 7 VDI during the June maintenance.

For questions, contact the Help Desk <helpdesk at jlab.org>, x7155.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <https://mailman.jlab.org/pipermail/hallb/attachments/20240319/c9f7bc18/attachment.txt>


More information about the Hallb mailing list