The OpenSSH that is included with all modern Linux versions works with 2FA without any extra configuration. This also applies to “scp”, “sftp” and “rsync”.
If you want to enable connection sharing (to avoid having to enter your password and TOTP code for each new terminal window or file transfer):
Edit the file .ssh/config
in your home directory. This file will
typically not exist unless you already have a custom SSH
configuration.
Add a rule for the NSC cluster, with ControlMaster, ControlPersist and ControlPath set.
Example .ssh/config file:
Host duolith.nsc.liu.se
ControlMaster autoask
ControlPersist 2h
ControlPath ~/.ssh/cm-%r@%h:%p
Setting ControlMaster to “autoask” will make SSH open a window asking “Allow shared connection to …?” every time a new connection wants to use the existing login. This makes connection sharing a little more secure, as it becomes more difficult for someone that can access your account on your own computer to start a new SSH connection through the existing login. If you do not want this extra layer of security, replace “autoask” with “auto”.
Screenshots:
Guides, documentation and FAQ.
Applying for projects and login accounts.