Difference between revisions of "Logging into the Hall C cluster"
From HallCWiki
Jump to navigationJump to search| Line 24: | Line 24: | ||
=== Enrollment process === | === Enrollment process === | ||
'''1)''' Contact the Help desk and request a 2-factor token for your smartphone. | '''1)''' Contact the Help desk and request a 2-factor token for your smartphone. | ||
| − | * '''NOTE! ''' If you are off-site then you must mention this in your request. Your phone will need to be connected to a wifi network '''and''' you will need to tell the Help desk what that network is. | + | * '''NOTE! ''': If you are off-site then you must mention this in your request. Your phone will need to be connected to a wifi network '''and''' you will need to tell the Help desk what that network is. |
** One easy way to do this is to connect to the wifi network you will use, then point your browser at [http://www.whatismyip.com What is my IP]. | ** One easy way to do this is to connect to the wifi network you will use, then point your browser at [http://www.whatismyip.com What is my IP]. | ||
| − | + | ** Tell the help desk you will be connecting from the network associated with the IP address shown. | |
* If you are connected via the JLab wifi network then you do not have to do anything special. | * If you are connected via the JLab wifi network then you do not have to do anything special. | ||
| Line 32: | Line 32: | ||
'''3)''' You should receive an enrollment email from JLab. | '''3)''' You should receive an enrollment email from JLab. | ||
| − | * If you are enrolling from off-site, then you must wait until the agreed upon appropriate activation period starts. Steps (4) and (5) must be done using your phone '''while connected to the network mentioned in step 1'''. | + | * ''If you are enrolling from off-site'', then you must wait until the agreed upon appropriate activation period starts. Steps (4) and (5) must be done using your phone '''while connected to the network mentioned in step 1'''. |
* When the activation period begins (or anytime, if you are connected to the JLab wifi network) proceed to step 4. | * When the activation period begins (or anytime, if you are connected to the JLab wifi network) proceed to step 4. | ||
| − | '''4)''' Follow the http://jauth1... link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email. | + | '''4)''' Follow the "<nowiki>http://jauth1...</nowiki>" link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email. |
'''5)''' Open this second email in one of the following Android email apps: | '''5)''' Open this second email in one of the following Android email apps: | ||
| + | * This second email will have a URI starting with token://jauth1.... '''that * must be "clickable"'''. This has been confirmed to work in these Android email clients: | ||
** GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e | ** GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e | ||
** K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en | ** K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en | ||
| − | * | + | *** '''NOTE!''' The stock Android app titled "Email" does *not* (reliably) work. If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete. |
| − | ** '''NOTE!''' The stock Android app titled "Email" does *not* (reliably) work. If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete. | + | * When you select the token:// link you should get a pop-up that will let you open the link using the "MP-1" program. |
| − | * When you | ||
'''6)''' MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token. | '''6)''' MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token. | ||
Revision as of 15:24, 12 February 2014
The Hall C DAQ and online analysis machines are now behind a 2-factor controlled gateway called hallgw.jlab.org.
You now need a 2-factor token in order to ssh to these machines. If you do not have one, you can ask for one at the Help Desk. There are two types of tokens:
- a physical 'CrypoCard' key fob device, and
- a software token + application (called MP-1) that can be installed on your smartphone.
How to use the 2-factor token to log in
The procedure to ssh into a Hall C machine inside the accelerator fence is now:
- ssh <user>@hallgw.jlab.org
- Use your CUE username at the prompt
- Use the 2-factor token to generate your password as indicated below:
- CryptoCard (the physical keychain-style token):
- Press the button and it will display a number. Type in your PIN immediately followed by the digits on the Cryptocard as your password (no spaces, no dashes).
- Note that the first time you log in to hallgw.jlab.org you should be prompted to select a new PIN. Don't forget it (and FTLOATIH, do not write the PIN on the hardware token).
- MP-1 Software token (ie. Android, iPhone, Blackberry):
- Run the MP-1 app and enter your PIN when prompted. Enter only the displayed 7 digit number (including the '-') at the hallgw.jlab.org password prompt ie: 'XXX-XXXX'
- CryptoCard (the physical keychain-style token):
Smartphone 2-Factor Applications
Enrollment process
1) Contact the Help desk and request a 2-factor token for your smartphone.
- NOTE! : If you are off-site then you must mention this in your request. Your phone will need to be connected to a wifi network and you will need to tell the Help desk what that network is.
- One easy way to do this is to connect to the wifi network you will use, then point your browser at What is my IP.
- Tell the help desk you will be connecting from the network associated with the IP address shown.
- If you are connected via the JLab wifi network then you do not have to do anything special.
2) Install the application to your phone using one of the links at the top of the page.
3) You should receive an enrollment email from JLab.
- If you are enrolling from off-site, then you must wait until the agreed upon appropriate activation period starts. Steps (4) and (5) must be done using your phone while connected to the network mentioned in step 1.
- When the activation period begins (or anytime, if you are connected to the JLab wifi network) proceed to step 4.
4) Follow the "http://jauth1..." link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email.
5) Open this second email in one of the following Android email apps:
- This second email will have a URI starting with token://jauth1.... that * must be "clickable". This has been confirmed to work in these Android email clients:
- GMail: https://play.google.com/store/apps/details?id=com.google.android.gm&hl=e
- K-9 Mail: https://play.google.com/store/apps/details?id=com.fsck.k9&hl=en
- NOTE! The stock Android app titled "Email" does *not* (reliably) work. If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete.
- When you select the token:// link you should get a pop-up that will let you open the link using the "MP-1" program.
6) MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token.
