Two-factor authentication (2FA) refers to an authentication method in which a user is granted access to the Cineca HPC systems (currently mandatory to access Leonardo) only after successfully presenting two pieces of evidence (or factors). Verifying your identity, using an independent second factor, prevents other users from logging in with your identity, even if they have the password. Two-factor authentication (hereafter 2FA) therefore adds a further level of security to the authentication for access to services based on the Identity Provider.
The new access mode proposed is entirely transparent for the user, who continues to use the ssh client as usual. During the first connection, the user will see a web page open in his browser where she/he will authenticate to our Identity Provider. Once authentication has taken place, the server will issue a timed certificate which can be used to connect to Cineca systems via SSH client.