Duo Authentication

Duo Authentication on SeaWulf

Mandatory: Duo authentication is required for all SeaWulf logins. You must approve a Duo request on one of your enrolled devices to complete login.

Getting Started

When logging in, check your Duo-enrolled device and approve the request by selecting the green check mark.

If you have not set up Duo yet, visit Duo Security Enrollment to enroll or manage devices.

Using DUO_PASSCODE

You can set the DUO_PASSCODE environment variable to pre-select your Duo authentication method. This is especially helpful with SCP, SFTP, and other file transfer tools.

  • push — Send a Duo push to your device.
  • phone — Authenticate via phone callback.
  • sms — Request a batch of SMS passcodes (first attempt fails; re-login with one of the codes).
  • <numeric passcode> — Use a passcode from Duo Mobile, SMS, or a hardware token.

Append a number if you have multiple devices (e.g., push2 for your second device).

Setting DUO_PASSCODE

MobaXterm: Configure DUO_PASSCODE in your session settings and set SSH-browser type to NONE to avoid repeated prompts.

Mac and Linux: Add this to ~/.ssh/config:

Host *.seawulf.stonybrook.edu
  SendEnv DUO_PASSCODE

Then set the variable in your terminal before logging in:

export DUO_PASSCODE=push
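
The following is an added example, not part of the SeaWulf documentation. It checks a value against the forms listed above, confirms that the SendEnv stanza applies to the host you are connecting to, and sets DUO_PASSCODE for a single command so that a passcode is not left exported in the session. The function names are hypothetical, and the config check assumes an OpenSSH client that supports ssh -G.

```shell
# Added example; function names are hypothetical, not SeaWulf tooling.

# Succeeds if $1 is a documented DUO_PASSCODE form: push, phone or sms with an
# optional device number, or an all-digit passcode.
duo_value_ok() {
  v=$1
  case "$v" in
    "")     return 1 ;;          # empty: nothing useful would be sent
    push*)  v=${v#push} ;;
    phone*) v=${v#phone} ;;
    sms*)   v=${v#sms} ;;
  esac
  # Remainder is empty (bare method), a device number, or a numeric passcode.
  case "$v" in
    *[!0-9]*) return 1 ;;
    *)        return 0 ;;
  esac
}

# Succeeds if the effective client config for host $1 forwards DUO_PASSCODE,
# i.e. the SendEnv stanza in ~/.ssh/config matches that host name.
seawulf_sendenv_ok() {
  ssh -G "$1" 2>/dev/null | grep -qi '^sendenv[[:space:]]\{1,\}DUO_PASSCODE$'
}

# Run one command with DUO_PASSCODE set only in that command's environment.
# Usage: seawulf_run push scp results.tar <user>@<host>.seawulf.stonybrook.edu:
seawulf_run() {
  [ "$#" -ge 2 ] || return 2
  method=$1
  shift
  if ! duo_value_ok "$method"; then
    # Do not echo the value back: it may be a one-time passcode.
    echo "seawulf_run: unsupported DUO_PASSCODE value" >&2
    return 2
  fi
  DUO_PASSCODE=$method "$@"
}
```

If seawulf_sendenv_ok fails for the host name you typed, the Host pattern in ~/.ssh/config did not match it and the variable will not be sent.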

VPN Access

If Duo prompts are disruptive, connect through Stony Brook’s VPN. You authenticate with Duo once when connecting to the VPN, and SeaWulf logins made through the VPN do not require Duo.

See Stony Brook VPN Access for setup instructions.