Can’t Log In to sftp.itd.umich.edu (SFTP Client Errors or Problems With Duo)

Environment

Using SFTP to access files stored in AFS.

Issue

You cannot log in to sftp.itd.umich.edu via SFTP despite having an AFS home directory and using the correct username and password. However, you are able to log in to login.itd.umich.edu using SSH. You may receive an error saying that your username or password is incorrect (even though they are correct), you may not receive a Duo prompt, or you may not be able to use Duo with the SFTP server.

This problem can also occur when trying to use SFTP to access login.itd.umich.edu or umpire.dsc.umich.edu.

Resolution

The SFTP client software (application) you are using may not support keyboard-interactive authentication, which is required for Duo.

  • Solution 1: Switch to another SFTP client that supports keyboard-interactive authentication.
    • Clients:
      • WinSCP (Windows): works
      • FileZilla (macOS, Windows, Linux): works only if you set "Logon Type" to "Interactive" for the site under the File -> Site Manager menu.
      • Cyberduck (macOS, Windows): works, with the caveats below
        • NOTE: there is a bug in Cyberduck versions 8.4.4 and 8.4.5 that prevents Duo from working.  Upgrade Cyberduck to version 8.4.6 or later in order to use Cyberduck with Duo.
        • If you are running Cyberduck on Microsoft Windows, you will not see the text of the Duo prompt -- the text will be cut off and it is not possible to make the window larger to view the text.  The university is reporting this bug to the Cyberduck authors. We hope it will be fixed in a future version of Cyberduck (the current version as of the time this was written was 8.4.6).  Affected individuals can enter the number 1 for Duo push, number 2 for phone call, and number 3 for SMS passcodes and click "Continue."
           
  • Solution 2: Use the SFTP server sftp.web.itd.umich.edu (instead of sftp.itd.umich.edu) from a university network or a U-M VPN.  sftp.web.itd.umich.edu does not require Duo, and should work with most SFTP clients.
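
To confirm that a client is failing because it never uses keyboard-interactive authentication, compare the methods the server offers with the methods the client tries. The following is an added example, not part of the original article: it classifies the debug output of the OpenSSH command-line client (`sftp -v`). The sample logs are constructed, and the `password` method shown in them is an assumption about what a server might offer.

```python
import re

# Debug lines printed on stderr by the OpenSSH client when run as: sftp -v user@host
OFFERED = re.compile(r"Authentications that can continue: (\S+)")
ATTEMPT = re.compile(r"Next authentication method: (\S+)")
KBDINT = "keyboard-interactive"

# Constructed sample: client falls back to plain password and never tries Duo's method.
SAMPLE_PASSWORD_ONLY = """\
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
"""

# Constructed sample: client reaches keyboard-interactive, so a Duo prompt can be shown.
SAMPLE_DUO_CAPABLE = """\
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
"""


def diagnose(debug_log: str) -> dict:
    """Report offered and attempted auth methods, plus a verdict for Duo logins."""
    offered, attempted = set(), []
    for line in debug_log.splitlines():
        if m := OFFERED.search(line):
            offered.update(m.group(1).split(","))
        elif m := ATTEMPT.search(line):
            attempted.append(m.group(1))
    if not offered:
        verdict = "no-auth-negotiation-seen"  # log ended before authentication
    elif KBDINT not in offered:
        verdict = "server-did-not-offer-keyboard-interactive"
    elif KBDINT not in attempted:
        verdict = "client-never-tried-keyboard-interactive"  # the case in this article
    else:
        verdict = "keyboard-interactive-attempted"
    return {"offered": sorted(offered), "attempted": attempted, "verdict": verdict}


if __name__ == "__main__":
    for name, log in [("password-only", SAMPLE_PASSWORD_ONLY), ("duo-capable", SAMPLE_DUO_CAPABLE)]:
        print(name, diagnose(log))
```

A verdict of `client-never-tried-keyboard-interactive` matches the problem described in this article; with the OpenSSH client, the real option `-o PreferredAuthentications=keyboard-interactive` makes it try that method first.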

Additional Information

Connecting to SFTP: Any connection using the SFTP protocol requires an on-campus connection or the use of the U-M VPN.

Need additional information or assistance? Contact the ITS Service Center.

Details

Article ID: 9865
Created: Wed 3/15/23 9:05 PM
Modified: Tue 9/5/23 11:25 AM

Related Articles (1)

People cannot log in to cheerleading.dsc.umich.edu using SSH or SFTP. cheerleading.dsc.umich.edu has been permanently shut down and replaced by umpire.dsc.umich.edu. Log in to umpire.dsc.umich.edu instead.