Difference between revisions of "Logging into the Hall C cluster"

From HallCWiki
Jump to navigationJump to search
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
NOTE: If instructions on this page fall out of date, please update it yourself and/or let a Hall C Staff Member know.
 +
 
== General Instructions ==
 
== General Instructions ==
The Hall C DAQ and online analysis machines are now behind a 2-factor controlled gateway called ''hallgw.jlab.org''.
+
The Hall C DAQ and online analysis machines are behind a 2-factor controlled gateway (computer) called ''hallgw.jlab.org''.
  
If you are logging in from a machine located outside the Accelerator fence, or via a wifi connection, you will need to ssh to <username>@hallgw.jlab.org using a 2-factor token first.  You can connect to the cdaq hosts from there.
+
If you are logging in from a machine located outside the Accelerator fence (including off-site), or via a wifi connection, you will need to ssh to <username>@hallgw.jlab.org using a 2-factor token first.  You can connect to the cdaq hosts from there.
  
 
[[Image:cc.jpg|CryptoCard Key Chain|100 px|thumb]]   
 
[[Image:cc.jpg|CryptoCard Key Chain|100 px|thumb]]   
[[Image:safenet.jpg|Safenet MobilePASS Application for Android/iPhone|100 px|thumb]]
+
[[Image:safenet.jpg|SafeNet MobilePASS Application for Android/iPhone|100 px|thumb]]
[[Image:mp1.jpg|MP-1 Application for Android/iPhone|100 px|thumb]] 
 
 
You will need a 2-factor token in order to ssh to ''hallgw.jlab.org''.  If you do not have one, you can ask for one at the Help Desk.  
 
You will need a 2-factor token in order to ssh to ''hallgw.jlab.org''.  If you do not have one, you can ask for one at the Help Desk.  
 
There are two types of tokens:
 
There are two types of tokens:
 
* a physical 'CrypoCard' key fob device, and  
 
* a physical 'CrypoCard' key fob device, and  
* a software token + application (Safenet MobilePASS / BlackShield MP-1) that can be installed on your smartphone.
+
* a software token + application (SafeNet MobilePASS) that can be installed on your smartphone.
  
 
== How to use the 2-factor token to log in ==
 
== How to use the 2-factor token to log in ==
Line 22: Line 23:
 
*** '''SafeNet MobilePASS Software token (ie. Android, iPhone, Blackberry):'''
 
*** '''SafeNet MobilePASS Software token (ie. Android, iPhone, Blackberry):'''
 
**** Run the MobilePASS app and enter your pin followed immediately by the displayed number all on the same password line and hit return.  Enter ''only'' digits, no dashes or spaces at the hallgw.jlab.org password prompt ie: 'PINXXXXXXX'
 
**** Run the MobilePASS app and enter your pin followed immediately by the displayed number all on the same password line and hit return.  Enter ''only'' digits, no dashes or spaces at the hallgw.jlab.org password prompt ie: 'PINXXXXXXX'
*** '''MP-1 Software token (ie. Android, iPhone, Blackberry):''' (Deprecated?)
 
**** Run the MP-1 app and enter your PIN into the app when prompted.  Enter ''only'' the displayed 7 digit number (including the '-') at the hallgw.jlab.org password prompt ie: 'XXX-XXXX'
 
 
** If this is the first time you have logged in to hallgw.jlab.org you may be prompted to set up a new shell.  Just accept the defaults (keep selecting 'y') and you'll be fine.  You can change them later in the unlikely event you care.
 
** If this is the first time you have logged in to hallgw.jlab.org you may be prompted to set up a new shell.  Just accept the defaults (keep selecting 'y') and you'll be fine.  You can change them later in the unlikely event you care.
 
* '''ssh <user>@cdaqlX.jlab.org''' from hallgw prompt.
 
* '''ssh <user>@cdaqlX.jlab.org''' from hallgw prompt.
  
 
== Smartphone 2-Factor Applications ==
 
== Smartphone 2-Factor Applications ==
* [https://play.google.com/store/apps/details?id=com.m2m Android / Google Play SafeNet MobilePASS application]  
+
* [https://play.google.com/store/apps/details?id=securecomputing.devices.android.controller Android / Google Play SafeNet MobilePASS application]  
 
* [https://itunes.apple.com/app/safenet-mobilepass/id364682261 iPhone / Apple SafeNet MobilePASS application]
 
* [https://itunes.apple.com/app/safenet-mobilepass/id364682261 iPhone / Apple SafeNet MobilePASS application]
  
* [https://play.google.com/store/apps/details?id=com.m2m Android / Google Play MP-1 application] (Deprecated?)
 
* [https://itunes.apple.com/us/app/cryptocard-mp-1-authentication/id421105724 iPhone / Apple MP-1 application] (Deprecated?)
 
 
=== Enrollment process ===
 
=== Enrollment process ===
'''1)''' Contact the Help desk and request a 2-factor token for your smartphone.
+
# Contact the Help desk and request a 2-factor token for your smartphone.  They may require your JLab sponsor to acknowledge the request.
* '''NOTE! ''': If you are off-site then you should mention this in your requestYour phone will need to be connected to a wifi network '''and''' you will need to tell the Help desk what that network is. 
+
# You should receive an enrollment email from JLab.  Follow the instructions in the email to complete the enrollment.
** One easy way to do this is to connect to the wifi network you will use, then point your browser at [http://www.whatismyip.com What is my IP]. 
+
#* This will require you to download the MobilePASS phone app as noted above, then read and follow the instructions in the enrollment email while on your phone.
** Tell the help desk you will be connecting from the network associated with the IP address shown.
 
* If you are connected via the JLab wifi network then you do not have to do anything special.
 
 
 
'''2)''' You should receive an enrollment email from JLab.  Follow the instructions in th email to complete the enrollment.
 
 
 
==== Detailed (Obsolete) Instructions ====
 
<font color=blue>'''I believe the instructions that follow are ''no longer needed'' with the new 'Safenet' enrollment process.  I will leave them here for posterity.'''</font>
 
 
 
* ''If you are enrolling from off-site'', then you must wait until the agreed upon appropriate activation period starts.  Steps (4) and (5) must be done using your phone '''while connected to the network mentioned in step 1'''.
 
* When the activation period begins (or anytime, if you are connected to the JLab wifi network) proceed to step 4.
 
 
 
'''3)''' Install the application to your phone using one of the links at the top of the page.
 
 
 
'''4)''' Follow the "<nowiki>http://jauth1...</nowiki>" link and chose the "Android/iPhone install" option using your phone.  Note that you may get a certificate warning -- that is OK.  The system will then send you a second email.
 
 
 
'''5)''' Open this second email in one of the Android email described below.
 
* The second email will have a URI starting with token://jauth1....  '''that link must be "clickable"'''.  This has been confirmed to work in these Android email clients:
 
** GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e
 
** K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en
 
*** '''NOTE!''' <font color=red>The stock Android app titled "Email" does *not* (reliably) work.</font>  If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account.  You can uninstall GMail when the process is complete.
 
* When you select the token:// link you should get a pop-up that will let you open the link using the "MP-1" program.
 
 
 
'''6)''' MP-1 should open and install the token.  You will be prompted to enter and confirm a pin to protect the token.
 

Latest revision as of 09:20, 12 October 2022

NOTE: If instructions on this page fall out of date, please update it yourself and/or let a Hall C Staff Member know.

General Instructions

The Hall C DAQ and online analysis machines are behind a 2-factor controlled gateway (computer) called hallgw.jlab.org.

If you are logging in from a machine located outside the Accelerator fence (including off-site), or via a wifi connection, you will need to ssh to <username>@hallgw.jlab.org using a 2-factor token first. You can connect to the cdaq hosts from there.

CryptoCard Key Chain
SafeNet MobilePASS Application for Android/iPhone

You will need a 2-factor token in order to ssh to hallgw.jlab.org. If you do not have one, you can ask for one at the Help Desk. There are two types of tokens:

  • a physical 'CrypoCard' key fob device, and
  • a software token + application (SafeNet MobilePASS) that can be installed on your smartphone.

How to use the 2-factor token to log in

The procedure to ssh into a Hall C machine inside the accelerator fence is now:

  • ssh <user>@hallgw.jlab.org
    • Use your CUE username at the prompt
    • Use the 2-factor token to generate your password as indicated below:
      • CryptoCard (the physical keychain-style token):
        • Press the button and it will display a number. Type in your PIN immediately followed by the digits on the Cryptocard as your password (no spaces, no dashes).
        • Note that the first time you log in to hallgw.jlab.org you may be prompted to select a new PIN. Don't forget it (and FTLOATIH, do not write the PIN on the hardware token).
      • SafeNet MobilePASS Software token (ie. Android, iPhone, Blackberry):
        • Run the MobilePASS app and enter your pin followed immediately by the displayed number all on the same password line and hit return. Enter only digits, no dashes or spaces at the hallgw.jlab.org password prompt ie: 'PINXXXXXXX'
    • If this is the first time you have logged in to hallgw.jlab.org you may be prompted to set up a new shell. Just accept the defaults (keep selecting 'y') and you'll be fine. You can change them later in the unlikely event you care.
  • ssh <user>@cdaqlX.jlab.org from hallgw prompt.

Smartphone 2-Factor Applications

Enrollment process

  1. Contact the Help desk and request a 2-factor token for your smartphone. They may require your JLab sponsor to acknowledge the request.
  2. You should receive an enrollment email from JLab. Follow the instructions in the email to complete the enrollment.
    • This will require you to download the MobilePASS phone app as noted above, then read and follow the instructions in the enrollment email while on your phone.
Retrieved from "https://hallcweb-2024.jlab.org/wiki/index.php?title=Logging_into_the_Hall_C_cluster&oldid=21263"