Osprey Server osprey.unf.edu
The server osprey.unf.edu was upgraded in December 2021. With it, as a security best practice, and in line with other UNF systems directly accessible from the internet, the new Osprey server has been updated to support Duo two-factor authentication capabilities.
Osprey Server Features
Two-Factor Authentication
The requirement for Duo 2FA will add an additional prompt to the ssh login process and will require an additional settings change with some graphical SSH clients, such as the free Bitvise SSH client. Also, because this is a new server with new host keys, returning Osprey users should be aware that they will be prompted with a security warning notice that the host key is unknown and will be required to trust the new host.
Environment Upgrades
The updated programming environments available on the new Osprey server include:
Software |
Osprey (RHEL6) |
Osprey (RHEL8) |
---|---|---|
GCC (c/c++) |
4.4.7 |
8.4.1 |
Golang (go) |
None |
go1.15.14 |
OpenJDK (java) |
1.8 |
1.8 |
PERL |
5.10.1 |
5.26.3 |
PHP |
5.3.3 |
7.4.6 |
Python |
2.6.6 |
3.9.2 |
Ruby |
1.8.7 |
2.7.4 |
Authentication Settings
Duo 2FA setup on Osprey.unf.edu will require changes to default connection settings, when using some graphical SSH/SFTP clients, such as the free Bitvise client available in the UNF Software Center.
- Individuals need to change the clients default authentication method to "keyboard-interactive"
- Individuals should also use only their n# as their Username, not a domain-qualified version such as 'unfcsd\n#'.
Screenshot for a working Bitvise client profile
After successful password authentication, individuals already enrolled in Duo should get a second authentication prompt (2FA), with
Osprey Duo menu options
If an individual is not yet to enrolled in Duo, they will be presented with a Duo enrollment URL to copy/paste into their browser or they can follow these instructions to complete Duo enrollment.
If an individual is already successfully enrolled in Duo but is still being presented with a Duo enrollment option, it's most likely they have entered the format of their username incorrectly.
It should be only their n#, not 'unfcsd\n#' or 'n#@unfcsd.unf.edu'
Improper username format causing additional Duo enrollment
SSH Host Key Changes
Working Bitvise client profile
If you are a returning Windows user using the Bitvise graphical ssh client, accept and save the host key change
Working Putty client profile
If you are a returning Windows user using the Putty graphical ssh client, accept and save the host key change.
Bitvise first-time or new device connection
Individuals using Bitvise and connecting for the first time should accept and save the New host key. The notification will also appear when connecting on a new device.
Putty first-time or new device connection
Individuals using Putty and connecting for the first time should accept and save the New host key. The notification will also appear when connecting on a new device.