Question

How do I connect to the Unix Bastion in Terminal using Duo?

Overview

To get started with Duo you'll need to have an account and the application installed, running and configured on your smartphone. For more information see Getting started with Duo.

Answer

1. Launch Terminal
2. SSH tunnel to dyad.ucdavis.edu, ensure you're using your Kerberos LoginID
3. You will be prompted to accept the RSA key fingerprint in order to proceed

4. Enter your Kerberos Passphrase

5. You will then be asked for a Duo validation method
   • You will only be presented with the Push option if you have a smartphone with the app installed and configured on your account.
   • You will only be presented with the SMS option if you have a device entered that is listed as cell phone (and not a land line).
6. After validating your identity you will be connected to the Bastion host

Advanced configuration options:

• To setup specific hosts to always use the Bastion Host, edit your .ssh/config file:
  host example-hostname-here
      ProxyJump KerberosLoginID@dyad.ucdavis.edu

• To setup your computer to use an existing Bastion Host connection, so that you only have to authenticate to the Bastion Host once, edit your .ssh/config file:
  host dyad.ucdavis.edu
      ControlMaster auto
      ControlPath ~/.ssh/cm_socket/%r@%h:%p