Difference between revisions of "Logging into the Hall C cluster"
From HallCWiki
Jump to navigationJump to search| Line 38: | Line 38: | ||
'''4)''' Follow the "<nowiki>http://jauth1...</nowiki>" link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email. | '''4)''' Follow the "<nowiki>http://jauth1...</nowiki>" link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email. | ||
| − | '''5)''' Open this second email in one of the | + | '''5)''' Open this second email in one of the Android email described below. |
| − | * | + | * The second email will have a URI starting with token://jauth1.... '''that * must be "clickable"'''. This has been confirmed to work in these Android email clients: |
** GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e | ** GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e | ||
** K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en | ** K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en | ||
| − | *** '''NOTE!''' The stock Android app titled "Email" does *not* (reliably) work. If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete. | + | *** '''NOTE!''' <font color=red>The stock Android app titled "Email" does *not* (reliably) work.</font> If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete. |
* When you select the token:// link you should get a pop-up that will let you open the link using the "MP-1" program. | * When you select the token:// link you should get a pop-up that will let you open the link using the "MP-1" program. | ||
'''6)''' MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token. | '''6)''' MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token. | ||
Revision as of 14:36, 3 April 2014
The Hall C DAQ and online analysis machines are now behind a 2-factor controlled gateway called hallgw.jlab.org.
You now need a 2-factor token in order to ssh to these machines. If you do not have one, you can ask for one at the Help Desk. There are two types of tokens:
- a physical 'CrypoCard' key fob device, and
- a software token + application (called MP-1) that can be installed on your smartphone.
How to use the 2-factor token to log in
The procedure to ssh into a Hall C machine inside the accelerator fence is now:
- ssh <user>@hallgw.jlab.org
- Use your CUE username at the prompt
- Use the 2-factor token to generate your password as indicated below:
- CryptoCard (the physical keychain-style token):
- Press the button and it will display a number. Type in your PIN immediately followed by the digits on the Cryptocard as your password (no spaces, no dashes).
- Note that the first time you log in to hallgw.jlab.org you should be prompted to select a new PIN. Don't forget it (and FTLOATIH, do not write the PIN on the hardware token).
- MP-1 Software token (ie. Android, iPhone, Blackberry):
- Run the MP-1 app and enter your PIN when prompted. Enter only the displayed 7 digit number (including the '-') at the hallgw.jlab.org password prompt ie: 'XXX-XXXX'
- CryptoCard (the physical keychain-style token):
- If this is the first time you have logged in to hallgw.jlab.org you may be prompted to set up a new shell. Just accept the defaults (keep selecting 'y') and you'll be fine. You can change them later in the unlikely event you care.
Smartphone 2-Factor Applications
Enrollment process
1) Contact the Help desk and request a 2-factor token for your smartphone.
- NOTE! : If you are off-site then you must mention this in your request. Your phone will need to be connected to a wifi network and you will need to tell the Help desk what that network is.
- One easy way to do this is to connect to the wifi network you will use, then point your browser at What is my IP.
- Tell the help desk you will be connecting from the network associated with the IP address shown.
- If you are connected via the JLab wifi network then you do not have to do anything special.
2) Install the application to your phone using one of the links at the top of the page.
3) You should receive an enrollment email from JLab.
- If you are enrolling from off-site, then you must wait until the agreed upon appropriate activation period starts. Steps (4) and (5) must be done using your phone while connected to the network mentioned in step 1.
- When the activation period begins (or anytime, if you are connected to the JLab wifi network) proceed to step 4.
4) Follow the "http://jauth1..." link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email.
5) Open this second email in one of the Android email described below.
- The second email will have a URI starting with token://jauth1.... that * must be "clickable". This has been confirmed to work in these Android email clients:
- GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e
- K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en
- NOTE! The stock Android app titled "Email" does *not* (reliably) work. If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete.
- When you select the token:// link you should get a pop-up that will let you open the link using the "MP-1" program.
6) MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token.
