Public Login Servers
TIG maintains login servers for each supported release of Ubuntu for the
convenience of the community.
The login servers provide access to the CSAIL AFS cell for accessing
your directory space or managing your personal web page or your group’s
web hosting. The name login.csail.mit.edu will be an alias for
the release that TIG currently recommends for general use, but
other releases will be available from time to time using the format
<codename>-login.csail.mit.edu. Currently our recommended release is 22.04LTS,
codenamed jammy. (For historical reasons, the servers have canonical
hostnames taken from the Scooby-Doo franchise: login.csail.mit.edu
and noble-login.csail.mit.edu are currently aliases for lifeday.csail.mit.edu.
The previous CSAIL Ubuntu release is available on jammy-login.csail.mit.edu aka
zoinks.csail.mit.edu, bionic-login.csail.mit.edu aka
scooby-snacks.csail.mit.edu and xenial-login.csail.mit.edu aka
mystery-machine.csail.mit.edu.)
Accessing these servers
You must have a CSAIL account.
- From GNU/Linux and other Unix-like systems (e.g., Mac OS, *BSD),
  replace <username> with your login name in
  ssh <username>@login.csail.mit.edu. The <username>@
  can be omitted if you have the same login name on your client machine.
- On Microsoft Windows, we recommend and support PuTTY (available from putty.org) and SecureCRT (licensed software, available from IS&T’s software download page).
- Do not attempt to configure public key access: this will get you
  access to the system but not to your home directory; configure Kerberos
  on your client system instead. This will give you similar
  passwordless login and access to your home directory once you get there.
  The ssh client on CSAIL Ubuntu is configured for Kerberos by default.
SSH RSA/ECDSA/ED25519 fingerprints
If your ssh client is configured for Kerberos,
it will automatically verify the identity of the server you’re
connecting to using its Kerberos key.
The login.csail.mit.edu keys were last changed December 5, 2024.
If you have older host keys you will need to clear them by running:
ssh-keygen -R login.csail.mit.edu
To verify keys using SSHFP records add -o VerifyHostKeyDNS=yes
to your ssh command line.
For example, insert your username for <username> in
ssh -o VerifyHostKeyDNS=yes <username>@login.csail.mit.edu
For manual verification:
ssh public keys for login.csail.mit.edu
last updated December 5 2024
1024 SHA256:1EcyPPJOJcVtTUSQMIkAOE+XH67QAYaiwm3iGTq8sUk acloss@sweetpotato.csail.mit.edu (DSA)
256 SHA256:qdNz6ooHqgdnEML3YDxGac9IeKLqDW+ZNQkI9ebK12g acloss@sweetpotato.csail.mit.edu (ECDSA)
256 SHA256:779qVsmjtEXpQzuzanikhW07RMZ3XCacKI5GN5Vgfao acloss@sweetpotato.csail.mit.edu (ED25519)
3072 SHA256:MInb/7kn41JcwF2tXVhQbd1ojT2OUtxI5xTU9+gu1GM acloss@sweetpotato.csail.mit.edu (RSA)
Jonathan Proulx
for The Infrastructure Group (TIG)
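One way to automate the manual comparison above, as an added example that is not part of the original page or TIG's tooling: it recomputes OpenSSH SHA256 fingerprints from ssh-keyscan-style lines and checks them against the published listing. The sample key is constructed (all zero bytes), so it is reported as a mismatch, which is what a stale or substituted host key looks like.

```python
import base64
import hashlib

# Fingerprint listing as published on this page (ssh-keygen -l format).
PUBLISHED = """\
1024 SHA256:1EcyPPJOJcVtTUSQMIkAOE+XH67QAYaiwm3iGTq8sUk acloss@sweetpotato.csail.mit.edu (DSA)
256 SHA256:qdNz6ooHqgdnEML3YDxGac9IeKLqDW+ZNQkI9ebK12g acloss@sweetpotato.csail.mit.edu (ECDSA)
256 SHA256:779qVsmjtEXpQzuzanikhW07RMZ3XCacKI5GN5Vgfao acloss@sweetpotato.csail.mit.edu (ED25519)
3072 SHA256:MInb/7kn41JcwF2tXVhQbd1ojT2OUtxI5xTU9+gu1GM acloss@sweetpotato.csail.mit.edu (RSA)
"""
# Key type names as they appear in ssh-keyscan output -> labels in the listing.
LABELS = {"ssh-dss": "DSA", "ecdsa-sha2-nistp256": "ECDSA",
          "ssh-ed25519": "ED25519", "ssh-rsa": "RSA"}

def parse_published(text):
    """Return {label: fingerprint} from ssh-keygen -l style lines."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1].startswith("SHA256:"):
            pinned[fields[-1].strip("()")] = fields[1]
    return pinned

def fingerprint(key_b64):
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_scan(scan_text, pinned):
    """Check 'host keytype base64key' lines against the pinned fingerprints."""
    results = {}
    for line in scan_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue  # skip comments and malformed lines
        label = LABELS.get(fields[1], fields[1])
        if label not in pinned:
            results[label] = "not published"
        else:
            results[label] = "ok" if fingerprint(fields[2]) == pinned[label] else "MISMATCH"
    return results

# Constructed sample: an all-zero Ed25519 key blob, NOT the server's real key.
SAMPLE_KEY = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_SCAN = "# constructed scan output\nlogin.csail.mit.edu ssh-ed25519 " + SAMPLE_KEY + "\n"

if __name__ == "__main__":
    print(check_scan(SAMPLE_SCAN, parse_published(PUBLISHED)))
```

To check the live server, pass the output of ssh-keyscan login.csail.mit.edu to check_scan in place of the constructed sample.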
Notes
For continuous connections to login.csail.mit.edu, Kerberos tickets
and the related AFS tokens will expire every 10 hours.
Run renew to obtain new credentials.
After they expire, your session will
remain open, but you will have very little access to files (as
system:anyuser, the AFS equivalent of nobody).
TIG provides scripts such as longsession and longscreen which will
automatically renew tickets and tokens for up to a week.
Run these commands with the -h flag to get more information about how
to use them.