Software: Difference between revisions

From Arbeitsgruppe Kuiper
Jump to navigation Jump to search
m (→‎Overview: gitlab -> git)
m (→‎Overview: link display)
Line 8: Line 8:
* [[VPN]]
* [[VPN]]
* [[SSH and SCP]]
* [[SSH and SCP]]
* University [[Git#GitLab]] (https://git.uni-due.de)
* University [[Git#GitLab|GitLab]] (https://git.uni-due.de)
* [https://uni-due.zoom.us/profile University Zoom]
* [https://uni-due.zoom.us/profile University Zoom]
* [https://nxcl.e-services.physik.uni-due.de University Nextcloud]: This is where we have the group calendar as well!
* [https://nxcl.e-services.physik.uni-due.de University Nextcloud]: This is where we have the group calendar as well!

Revision as of 10:17, 30 April 2024

Overview

Two-Factor Authentification

The two-factor authentification (2FA) is needed for most university services as VPN or Nextcloud.

After activating your user-ID you need to activate it in the selfcare portal (https://selfcare.uni-due.de/). The website will walk you through the installation. You'll need to have e.g. an app for the generation of the second factor. I recommend using the app OpenOTP. Please make sure that you scan the shown QR-codes, they are very hard to regain.

However, it is also possible to do it without a phone or application. For this, you only need to install forcepoint and oathtool. Then, you call:

~$ sudo forcepoint-client vpn.uni-due.de

Enter your normal/central university username and password. Then, if warnings come, say yes, and it will ask you for the second factor. Copy the timestamp for the line *** Please enter reply for challenge *** and run—in the same terminal after having paused forcepoint (Ctrl+Z, then "bg", then <Enter>) or in a separate terminal—the following command:

~$ oathtool --totp -b <YOUR "SECRET"> --now="<TIMESTAMP GIVEN BY FORCEPOINT>"

It will return a six-digit number that you then give to forcepoint (fg to bring it back to the foreground, or switching to the tab). You have all the time in the world because you are giving the timestamp explicitly :). You get the "secret" from the selfcare portal when you generate a token (the QR code is just an URL and there is a "…?secret=…&" part to it; the string between "=" and "&" is the "secret").

In general, to parse a QR code: you can use zbarimg, e.g. from a quick screenshot:

~$ zbarimg "/home/georgeslemaistre/Bilder/Bildschirmfoto von 2023-10-05 15-00-00.png"
otpauth://totp/TOTP1938HK33?secret=33IHS343AMDGPH123456CO777JPIIJMJV&period=30&digits=6&issuer=uni-duisburg-essen&image=https%3A//selfcare.uni-due.de/_Resources/Static/Packages/UDE.Portal/images/logo/logo--otp.png

(No worries, this is a fake "secret" :).)

Important: make sure to execute the oathtool command prefixed with a space on the command line so that it not get saved to your command history file because your "secret" is in plain text there. You can call the command once without writing the "secret" (which of course will not work) just to have the command in the history (searching in the history on the command line: Ctrl+R). Typically, you need to close the terminal (exit) for the history actually to be written to the history file (~/.bash_history if you are using bash.) Saving the secret itself in plain text is not the best idea, obviously, so you need to find a solution for that part…

If you forgot to use a space at the beginning of the line and the terminal is still open, go up in command history with the up arrow until you get to that command, delete the command on the line and do not press enter but first go back "down to the present" with the down arrow and then press enter. You can check that it has worked by going back up (with the up arrow) and you will see a blank line where the command was. Then you can exit. If you have already closed the terminal, open the history file in an editor and delete the line but make sure that no back-up copy of the history file (containing the command...) is made, or delete it manually afterwards.