SSH multifactor authentication with Duo
Duo is a vendor of cloud-based multifactor authentication (MFA) services. MFA helps prevent a hacker from masquerading as an authenticated user. Duo allows an administrator to require secondary authentication, with multiple options for the second factor. With multifactor authentication, a hacker who steals a username and password still cannot easily authenticate to a network service without the user's device.
Starting with version 8.2.0, OneFS supports SSH MFA with the Duo service through SMS, phone callback, and push notification through the Duo Mobile app. SSH MFA does not bypass any existing access-check process on OneFS. A user must have a valid password or public-private key and the RBAC SSH privilege. Currently, the SSH MFA configuration supports only CLI commands (no WebUI support). The following CLI commands allow you to view and configure related exposed settings:
To use Duo with OneFS, an administrator must have a Duo account to configure the following settings in the Duo service:
Note: By default, the Duo username normalization is not Active Directory aware, which means that it will alter incoming usernames before trying to match them to a user account. For example, DOMAIN\username, username@domain.com, and username are treated as the same user.
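The effect of this normalization can be checked before enrollment. The following added example (not Dell or Duo code) approximates the behavior described in the note and reports usernames that would match one Duo user while belonging to different domains. The function names, the alias map, and the sample logins are constructed for illustration.

```python
from collections import defaultdict

def split_login(login, aliases):
    """Return (domain, username); domain is None for a bare username.

    Handles the three forms named in the note: DOMAIN\\username,
    username@domain.com and username. `aliases` (an assumption of this
    example) maps a DNS domain to its NetBIOS name so that both forms
    of one domain compare equal.
    """
    login = login.strip()
    if "\\" in login:                       # DOMAIN\username
        domain, user = login.split("\\", 1)
    elif "@" in login:                      # username@domain.com
        user, domain = login.rsplit("@", 1)
    else:                                   # bare username
        domain, user = None, login
    if domain is not None:
        domain = aliases.get(domain.lower(), domain.lower())
    return domain, user

def duo_collisions(logins, aliases=None):
    """Map each username that appears under more than one domain to the
    sorted list of those domains. Username case is left untouched because
    the note does not describe case handling."""
    aliases = aliases or {}
    domains_by_user = defaultdict(set)
    for login in logins:
        domain, user = split_login(login, aliases)
        domains_by_user[user].add(domain)
    return {
        user: sorted(d or "(none)" for d in domains)
        for user, domains in domains_by_user.items()
        if len(domains) > 1
    }

# Constructed sample data: logins allowed to use SSH on the cluster.
SAMPLE_LOGINS = [
    "CORP\\jsmith", "jsmith@corp.example.com", "LAB\\jsmith",
    "admin", "CORP\\admin", "adavis@lab.example.com",
]
SAMPLE_ALIASES = {"corp.example.com": "corp", "lab.example.com": "lab"}

if __name__ == "__main__":
    for user, domains in duo_collisions(SAMPLE_LOGINS, SAMPLE_ALIASES).items():
        print(f"{user}: one Duo user for accounts in {', '.join(domains)}")
```

Any username reported here identifies distinct accounts that the default normalization would match to a single Duo user, so review those accounts before relying on the default setting.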
For configuration steps, see Configure SSH MFA on OneFS 8.2 Using Duo.