Merge pull request #388 from hpcleuven/feature/MFA_authentication

More tips on MFA with e.g. NX
hpcleuven · Feb 8, 2024 · e6fb6e7 · e6fb6e7
2 parents 32e5b1e + a74018b
commit e6fb6e7
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/source/access/mfa_guide.rst b/source/access/mfa_guide.rst
@@ -120,10 +120,16 @@ First of all, verify that your agent is running. You can do this by executing::
 
 If the agent is not running, you will get a
 ``Could not open a connection to your authentication agent.`` message. In this
-case you can start the agent with::
+case you can start an instance of the agent with::
 
     eval $(ssh-agent)
 
+.. note::
+   If you start your agent in this way, it is only accessible within the context of your 
+   current shell. If you want to connect with NoMachine NX, you should also start your 
+   NoMachine client from within this shell via the ``nxplayer`` command. Otherwise it will 
+   not be able to access the certificate stored in your agent.
+
 (to kill the agent use ``eval "$(ssh-agent -k)"``)
 
 If your agent is running, the ``ssh-add -l`` will list the identities that were
@@ -157,10 +163,13 @@ continuing:
 The indentation is not strictly necessary, but is recommended for readability.
 
 If you now connect to the cluster using your standard ``ssh`` command, the
-certificate will automatically be stored for as long as your agent lives. If
-you want to use apps that use ``ssh`` in the background (NX, FileZilla), you will
-have to do this connection to the cluster as well. You are free to log out of
-that session afterwards. 
+certificate will automatically be stored for as long as your agent lives. 
+
+If you want to use apps that use ``ssh`` in the background (NX, FileZilla), you 
+should also first inject a certificate in your agent before trying to connect.
+This can be done by connecting to the VSC firewall page with agent forwarding::
+
+    ssh -A [email protected]
 
 .. note::
 

diff --git a/source/access/nx_start_guide.rst b/source/access/nx_start_guide.rst
@@ -19,7 +19,7 @@ NX session.
 You may also refer to :ref:`MFA Quick Start Guide <mfa for nx>` for additional information.
 
 
-1. Start the NoMachine client and press **Continue** till you see the screen
+1. Start the NoMachine client and press **Continue** until you see the screen
    listing your connections, titled **Machines**.
 
 #. Press **Add** to create a new connection
@@ -43,7 +43,7 @@ You may also refer to :ref:`MFA Quick Start Guide <mfa for nx>` for additional i
 
 #. If this is your first login via NX, you will need to enter your VSC username
 
-#. Your private key will be automatically fetched from your SSH agent
+#. Your private key or certificate will be automatically fetched from your SSH agent
 
 #. If you are creating for the first time choose **Create a new virtual desktop**.
    Otherwise please refer to the :ref:`section on how to reconnect to an NX session