====== Remote access to linux.cs via Jumphost/Duo ======

In addition to other forms of remote access, CS Techstaff provides multifactor SSH access to non-forward-facing hosts through the following pair of bastion (jump) hosts.

  * ''bastion1.cs.uchicago.edu''
  * ''bastion2.cs.uchicago.edu''

In order to access CS systems, a CS account is required. In order to access a host that is not directly connected to the Internet via one of the bastion hosts, you may do the following, typing in your CnetID account password at the prompt. 

<code>
amcguire@Andrews-MacBook-Pro ~ % ssh -J bastion1.cs.uchicago.edu linux1.cs.uchicago.edu
(amcguire@bastion1.cs.uchicago.edu) Password: 
(amcguire@bastion1.cs.uchicago.edu) Duo two-factor login for amcguire

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-YYYY
 2. Phone call to XXX-XXX-YYYY
 3. SMS passcodes to XXX-XXX-YYYY

Passcode or option (1-3): 1
Success. Logging you in...
Last login: Thu Aug 28 17:21:05 2025 from 128.135.24.34
amcguire@focal1:~$ 
</code>

In the preceding, please observe that ''YYYY'' should be the last four digits of your telephone number that's been enrolled with Duo, while the ''-J'' option is used to specify that ''bastion1'' is the proxy jump host used to "jump" to ''linux1''.  A similar result may be obtained via an entry in ''~/.ssh/config'' such as the following.

<code>
amcguire@Andrews-MacBook-Pro ~ % cat .ssh/config 
Host linux1
  HostName linux1.cs.uchicago.edu
  ProxyJump bastion1.cs.uchicago.edu
</code>

So that then all that needs to be done is

<code>
aamcguire@Andrews-MacBook-Pro ~ % ssh linux1
(amcguire@bastion1.cs.uchicago.edu) Password: 
(amcguire@bastion1.cs.uchicago.edu) Duo two-factor login for amcguire

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-YYYY
 2. Phone call to XXX-XXX-YYYY
 3. SMS passcodes to XXX-XXX-YYYY

Passcode or option (1-3):
</code>

eliminating the need for the ''-J'' option.