Knowledge Base: Public
Category: Information Security / Duo (Multi-Factor Authentication)

3.0 - Last modified on 2025-02-06 Revised by Noah Chang

2.0 - Last modified on 2024-05-07 Revised by Noah Chang

1.0 - Created on 2016-01-25 Authored by IET

Question

How do I configure Duo Multi-Factor Authentication with SecureCRT SSH?

Overview

SecureCRT is a more user-friendly SSH-client alternative to PuTTY (Windows, macOS, and Linux clients are available for SecureCRT). SecureCRT requires a yearly license purchased through IET Software ($6.50/year) and can be obtained and downloaded from the Software Catalog.

To get started with Duo you'll need to have an account and the application installed, running and configured on your smartphone. For more information on getting started with Duo, please see KB0002934.

Answer

This article walks you through setting up a saved session for the Unix bastion hosts. Once the session is saved, you can connect in the future by clicking it, without configuring it again.

  1. Launch SecureCRT.
  2. Right-click Sessions and choose New Session.


  3. In the left-hand Category pane, select Connection.
  4. In the right pane next to the Name field, type in a short name that will help you identify the service. This string will be the connection option you see and choose after launching SecureCRT in the future.
  5. For the Terminal drop-down, select SSH2.
  6. For File Transfer, select SCP.


  7. Back in the left pane, select SSH2.
  8. In the right pane, configure the following:
    • Hostname: Enter dyad.ucdavis.edu. If you want to configure connections to the individual hosts, repeat the configuration process for tandem.ucdavis.edu and dosisdo.ucdavis.edu separately.
    • Username: Enter your UCD Login ID. If this is left blank, you will have to enter your UCD Login ID every time you attempt to connect.
    • Authentication: Use the scroll arrows to highlight the Keyboard Interactive choice, make sure it’s checked, and move it all the way to the top of the list. This is necessary for connections to work. Uncheck the PublicKey and GSSAPI options.


  9. Select Terminal in the left pane.
  10. Check Send protocol NO-OP and enter 10 in the Anti-idle field. With this option, SecureCRT sends the connection a message once every 10 seconds to keep it alive. This lets you leave the session open while you’re not working in it and makes it less likely that the session will close.


  11. Click OK. Your session configuration is saved, and the name of the configuration you created above appears on the left-hand side of SecureCRT.
  12. Double-click the new session configuration you’ve created to connect for the first time and set up your Duo authentication.
  13. On this first connection, you will be presented with a New Host Key fingerprint.
  14. Choose the Accept & Save option.


  15. You will then be prompted for your UC Davis Passphrase. Enter it and click OK.
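
The New Host Key fingerprint shown in step 13 can be compared against a value obtained from the server's administrators before it is saved. The following is an added example, not part of the original article: it computes the OpenSSH-style SHA256 and legacy MD5 fingerprints of a host public key line and checks them against a published value. The key line is constructed for illustration, and the availability of a published key or fingerprint for the bastion hosts is an assumption.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str) -> bytes:
    """Return the raw key blob from a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob embeds its own key type; a mismatch means a damaged line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode("ascii"):
        raise ValueError("key type in blob does not match the line prefix")
    return blob


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def md5_fingerprint(blob: bytes) -> str:
    """Legacy fingerprint: colon-separated lowercase hex of the MD5 digest."""
    h = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def matches_published(line: str, published: str) -> bool:
    """True if the key line hashes to the fingerprint obtained out of band."""
    blob = parse_pubkey_line(line)
    published = published.strip()
    if published.startswith("SHA256:"):
        return published == sha256_fingerprint(blob)  # base64 is case-sensitive
    return published.lower() == md5_fingerprint(blob)


# Constructed sample key (not a real host key for any server).
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = ("ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()
               + " constructed-example")
```

If the value shown in the New Host Key dialog does not match the published one, do not save the key until the discrepancy is explained.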