Navigation :

Setting up SSH on Windows

Using SSH on Windows with MFA

Both PuTTY and SecureCRT can be used for connecting to CSAIL Linux hosts without passwords. Kerberos tickets allow passwordless logins

Prerequisites

  1. Setup CSAIL DUO
    Sign in to https://duo.csail.mit.edu/ and configure your preferences.
  2. Install VPN
    Using the jump host on Windows is more complicated then on Linux, or MacOS. Therefore, if you need to SSH to a CSAIL system from outside the CSAIL network, you will need to install and use the MIT VPN. Inbound SSH connections to the public login server login.csail.mit.edu remain open.
  3. Setup Kerberos for Windows
    For secure, password-less SSH login to CSAIL systems, please first setup Kerberos for Windows

PuTTY

For PuTTY, v.0.61 or later, create a Saved Session with CSAIL-specific settings.

The example below will use our public login server as the host, but you can ssubstitute the CSAIL host of your choice.

In PuTTY Configuration

  1. In Session, set Host Name to login.csail.mit.edu and use csail login as the session name under “Saved Settings”
  2. Connection -> SSH -> Auth -> GSSAPI, set “Allow GSSAPI credential delegation” to YES
  3. In Connection -> Data, set “Auto-login username” to your CSAIL username
  4. Click “Save”

To use

  1. Connect to the MIT VPN if off campus. Inbound SSH connections to the public login server login.csail.mit.edu remain open.
  2. Get Kerberos Tickets
  3. Click csail login and Load.

SecureCRT

Install SecureCRT

The example below will use our public login server as the host, but you can ssubstitute the CSAIL host of your choice.

Create a New Session

  1. Connect to the MIT VPN if off campus
  2. Get Kerberos Tickets
  3. Open SecureCRT. The quick connect dialog box will open
  4. Hostname: Enter login.csail.mit.edu
    1. Port: 22 (default)
    2. Firewall: None (default)
    3. Username: Enter your CSAIL username (do not include @csail.mit.edu).
  5. Under Authentication select the following in order
    1. Keyboard Ineractive
    2. GSSAPI
  6. Session Name: Enter a name like CSAIL Login or login.csail.mit.edu.
  7. Click Connect.
  8. If you get a New Host Key prompt, click Accept & Save

Connecting a session

  1. Connect to the MIT VPN if off campus
  2. Get Kerberos Tickets
  3. After you create a new session above, your settings will save in a session with the name you saved.
  4. Click File, Connect, open your saved session