If you don't read anything else, read this...
Policy mandates that 2FA is required whenever any person working from a remote location utilizes administrative credentials to access a server that is used to store or process confidential or Category I university data. This includes cases where an initial login is performed with non-administrative credentials and privileges are escalated after a session is established (e.g., sudo or su).
This page lists the acceptable options for remote administrative access to university servers which store or process Category I data. Certain options may work better in specific environments than others - consult your local IT support staff for any implementation questions or issues. If you need to use a 2FA option not on this list, please contact us at security@utexas.edu.
Remote access to workstations and non-server devices should be handled through the UT VPN service.
| Service type | Operating Systems | 2FA option(s) | Notes |
|---|---|---|---|
| Secure Shell | Linux, Unix, Windows, OS X | Password protected public key, or Toopher (via PAM), or PAM OATH, or VPN group with IPTables rules |
|
| Remote Desktop | Windows | Certificate-based auth, or Toopher, or VPN group with firewall rules | |
| VNC | Linux, Unix | SSH tunnel with password-protected public key, or VPN group with firewall rules | |
| Apple Remote Desktop | OS X | SSH tunnel with password-protected public key, or VPN group with firewall rules | |
| TeamViewer | * | VPN group with firewall rules, or OATH compliant app (e.g., Google Authenticator, Toopher, Duo Security) |
