On some Mines servers, you need to initiate a sftp (secure file transfer protocol) or scp (secure copy protocol) session using putty. If you are using Duo and have a phone enrolled, then you can follow the prompts to have Duo send a push, sms, or call the device. However for those users using a 2FA fob (either provided by Mines or personally owned) there are a few additional steps required as Duo doesn't directly support codes provided by the fob.
IT has developed the following workaround for initiating a sftp/scp session through PuTTY to authenticate using a 2FA Fob:
First, in your ssh client config - usually inside $HOME/.ssh/config - you need to set the value, "SendEnv DUO_PASSCODE"
To start an sftp/scp session with jumpbox, invoke like so:
$ DUO_PASSCODE=123456 sftp jumpbox.mines.edu (replacing 123456 with the code generated by your fob)
Populate the DUO_PASSCODE environment variable with whatever code your hardware fob generated at this time. You should see it asks for your password, as normal (or if you have a key-pair setup then key-based authentication will happen), then it should correctly negotiate the Duo-challenge step using the inputted passcode (if you look at sftp with "-v" you'll see the entry, "debug1: Sending env DUO_PASSCODE = <passcode value>."