Logging into the Hall C cluster

From HallCWiki
Revision as of 11:37, 12 February 2014 by Brads (Talk | contribs)

Jump to: navigation, search

The Hall C DAQ and online analysis machines are now behind a 2-factor controlled gateway called hallgw.jlab.org.

You now need a 2-factor token in order to log in. If you do not have one, you can ask for one at the Help Desk.

There are two types of tokens: a physical 'CrypoCard' key fob device, and a software token + application (called MP-1) that can be installed on your smartphone.

CryptoCard Key Chain MP-1 Application

How to use the 2-factor token to log in

The procedure to ssh into a Hall C machine inside the accelerator fence is now:

  • ssh <user>@hallgw.jlab.org
    • Use your CUE username at the prompt
    • Use the 2-factor token to generate your password as indicated below:
      • CryptoCard (the physical keychain-style token):
        • Press the button and it will display a number. Type in your PIN immediately followed by the digits on the Cryptocard as your password (no spaces, no dashes).
      • MP-1 Software token (ie. Android, iPhone, Blackberry):
        • Run the MP-1 app and enter your PIN when prompted. Enter only the displayed 7 digit number (including the '-') at the hallgw.jlab.org password prompt ie: 'XXX-XXXX'

Smartphone Applications

Enrollment process

1) Contact the Help desk and request a 2-factor token for your smartphone.

  • NOTE! If you are off-site then you must mention this in your request. Your phone will need to be connected to a wifi network and you will need to tell the Help desk what that network is.
    • One easy way to do this is to connect to the wifi network you will use, then point your browser at What is my IP.
      • Tell the help desk you will be connecting from the network associated with the IP address shown.
  • If you are connected via the JLab wifi network then you do not have to do anything special.

2) Install the application to your phone using one of the links at the top of the page.

3) You should receive an enrollment email from JLab.

  • If you are enrolling from off-site, then you must wait until the agreed upon appropriate activation period starts. Steps (4) and (5) must be done using your phone while connected to the network mentioned in step 1.
  • When the activation period begins (or anytime, if you are connected to the JLab wifi network) proceed to step 4.

4) Follow the http://jauth1... link and chose the "Android/iPhone install" option using your phone. Note that you may get a certificate warning -- that is OK. The system will then send you a second email.

5) Open this second email in one of the following Android email apps:

  • This second email will have a URI starting with token://jauth1.... that must be "clickable". This has been confirmed to work in the above Android email clients.
    • NOTE! The stock Android app titled "Email" does *not* (reliably) work. If the "token://" link is not clickable, install the "GMail" client and forward the email to your gmail.com account. You can uninstall GMail when the process is complete.
  • When you click on the token:// link you should get a pop-up that will let you open the link using the "MP-1" program.

6) MP-1 should open and install the token. You will be prompted to enter and confirm a pin to protect the token.