July 15, 2021: Two-Step Login Required for All CU VPN Users – 6/24/21

CIT is requiring Two Factor Authentication for all CU VPN users and recommends that all user switch to  Two-Step Login for CU VPN as soon as possible.

Directions on how to use Two Factor Authentication for VPN can be found here: Windows, Macintosh, Linux, and mobile devices

If you are not already setup for Two Factor Authentication, please follow these steps:


July 15, 2021: Github Enterprise Will Update Authentication Methods

On July 13, 2021, Cornell’s Github Enterprise service will be updated for enhanced security. This change will mirror the upcoming change to token authentication on the main Github.com website. This change may impact some users depending on how they interact with Cornell’s Github Enterprise service.

If you use your Cornell netid and Cornell password for authentication during Git operations, you must switch to token-based authentication or SSH-based authentication.

Logging into the website interface will continue to work, albeit using Cornell’s Two-Step login.

You can read more about changes you might need to make on the Github Authentication support page.

AppSMTP Server Upgrade 3/31/21

As announced, Cornell AppSMTP, a service used to deliver automated email to users from multi-function printers and scanners, applications, and monitoring devices, will require that the email address used is a valid EGA and must be registered with the new AppSMTP system:


Due to limitations of some web applications and hardware devices that cannot be configured to use a valid EGA email address, ITSG will continue to support a local AppSMTP server to relay mail to Cornell AppSMTP system.

On Thurs 04/01/2021 between 6:30 AM – 7:00 AM, the local AppSMTP server, “appsmtp.coecis.cornell.edu” is scheduled to be upgraded with a current system with features that address the requirements in the new Cornell AppSMTP service.

If you notice problems with your applications or devices that generate email, please report to COE/CIS IT HelpDesk <itcoecis-help@cornell.edu>.

CSLinux SSL key changes 2/03/21

New servers were added to the pool of servers for cslinux on 1/28. The new servers had a different SSL key, so you may have received an SSL key warning message in your SSL client about a possible security issue.

We have reverted back to the old SSL key for cslinux to prevent these warning messages. If you have already replaced the SSL key, you may have to switch back to the old SSL key in your SSH client.

Here is the list of valid keys for cslinux to verify on your client:

256 SHA256:2TVE7PC2LVxvnVivdn7/GtcyWlS+Fnjqnd2J/QL1cT4 en-cc-linux01.coecis.cornell.edu (ECDSA)
2048 SHA256:jevpn5Ako2pibJ1LI71FOj5Lgu/ui7C4yNn37oNXaoE en-cc-linux01.coecis.cornell.edu (RSA)
256 SHA256:S/nx2/OXeHyvxP6lT5qWFa99MokJnzFL6Fl+xJsTUEU en-cc-linux01.coecis.cornell.edu (ED25519)

Department VPN’s are moving to Two Factor Authentication 11/18/20

CIT is migrating Cornell Department VPN’s  to Two Factor Authentication between now and 12/31/2020: https://it.cornell.edu/news/two-step-login-requirement-departmental-vpns/20201116

Directions on how to use Two Factor Authentication for VPN can be found here: Windows, Macintosh, Linux, and mobile devices

If you are not already setup for Two Factor Authentication, please follow these steps:


CIS PhD email alias sending broken due to Two-Factor authentication deployment -7/21/20

Cornell recently turned on two-factor authentication for all student accounts:

A side-effect of this is that now external SMTP and IMAP clients (like GMail) no longer work to send from @cs.cornell.edu and @infosci.cornell.edu email aliases

  • Currently there are a few work-arounds:
    • Use Mail client like Outlook, or Apple Mail…others listed at link above.
    • Use Outlook Web Access: http://outlook.cornell.edu
      • When authoring a new message in OWA, click the … at top of message and choose Show From.
      • Then add @cs alias if it isn’t already populated.
        • Click the three dots at top of email and choose Show From Enter your email alias in the now-visible From Field
    • Use Thunderbird (version 77+) to configure IMAP account with following settings:
      • Incoming – IMAP
        • Server: outlook.office365.com
        • Port: 993
        • Username: netid@cornell.edu
        • Security: SSL/TLS
        • Authentication method: OAuth2
      •  Outgoing  – SMTP
        •  smtp.office365.com
        • Port: 587
        • Security: StartTLS
        • Authentication Method: OAuth2
        • Thunderbird IMAP settings supporting Two Factor AuthenticationThunderbird SMTP settings supporting Two Factor Authentication

Welcome to Our New Site

7-17-2019: Update New ITSG Support Site

On 8/1/2019 https://it.coecis.cornell.edu/ will be the new place for CoE CIS Tech ITSG support information.

We will begin deprecating previous support pages starting on that date.


5-17-2019: New ITSG Support site

Summer 2019 the ITSG will be rolling out a new site for IT support topics.

We will be working to continually improve the site and its features.  If you have feedback you would like to contribute. please Contact The ITSG