Public Login Servers
TIG maintains login servers for each supported release of Ubuntu for the
convenience of the community.
The login servers provide access to the CSAIL AFS cell for accessing
your directory space or managing your personal web page or your group’s
web hosting. The name login.csail.mit.edu will be an alias for
the release that TIG currently recommends for general use, but
other releases will be available from time to time using the format
<codename>-login.csail.mit.edu. Currently our recommended release is 22.04LTS,
codenamed jammy. (For historical reasons, the servers have canonical
hostnames taken from
the Scooby-Doo franchise: login.csail.mit.edu and jammy-login.csail.mit.edu
are currently aliases for zoinks.csail.mit.edu.
The previous CSAIL Ubuntu release is available on bionic-login.csail.mit.edu aka scooby-snacks.csail.mit.edu and xenial-login.csail.mit.edu
aka mystery-machine.csail.mit.edu.)
Accessing these servers
You must have a CSAIL account.
- From GNU/Linux and other Unix-like systems (e.g., Mac OS, *BSD),
replace
<username>with your login name inssh <username>@login.csail.mit.edu. The<username>@can be omitted if you have the same login name on your client machine. - On Microsoft Windows, we recommend and support PuTTY (available from putty.org) and SecureCRT (licensed software, available from IS&T’s software download page).
- Do not attempt to configure public key access: this will get you
access to the system but not to your home directory; configure Kerberos
on your client system instead. This will give you similar
passwordless login and access to your home direcory once you get there.
The
sshclient on CSAIL Ubuntu is configured for Kerberos by default.
SSH RSA/ECDSA/ED25519 fingerprints
If your ssh client is configured for Kerberos,
it will automatically verify the identity of the server you’re
connecting to using its Kerberos key.
The login.csail.mit.edu keys were last changed June 7, 2022.
If you have older host keys you will need to clear them by running:
ssh-keygen -R login.csail.mit.edu
To verify keys using SSHFP records add -o VerifyHostKeyDNS=yes
to your ssh command line.
For example, insert your username for <username> in
ssh -o VerifyHostKeyDNS=yes <username>@login.csail.mit.edu
For manual verification:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
ssh public keys for login.csail.mit.edu
last updated 2022-06-07
3072 SHA256:/pRV6N25A95nI/iOTfhCPQ11528aK2SyMUVJo3BPRwg root@zoinks (RSA)
256 SHA256:X/MLn3A1rdWmyNKFdimx4DRaJC7OcU/Kii7WQT67Eyw root@zoinks (ECDSA)
256 SHA256:qRzY9+0yGZVsCEyLNBFCdvz36v4V+8BkscVjN0l5GFQ root@zoinks (ED25519)
Jonathan Proulx
for The Infratructure Group (TIG)
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEESCm83UpNGQKFezoWN8YiTSJbzX0FAmKfbZ0ACgkQN8YiTSJb
zX1JJg/9EGTD+TXQ7ZktkK1l821dyHmZzjd7QnlOWiWV1xt0nnO0hCsmLI4LYiLP
oB2fZVxqYki/Ds9sCmYuFtFT/PDXFvHpvrla1bsQqxg9JbmDXlQLMuEC7Veck0yE
IiD1cSjUMuNY8zoHaN8JqKTZz8QFBorpd2u0oqstmkAeoGfGOEeSeKBAKVYAmhNI
hTXCGomnuLmXio/5Bnz330VIiavpvVNVV7YPzGcwtu15V2yIM8/Ulq7U+MTFSsfG
pOPCGMN1rWmHzmkswujBMMfsoRsHVmyQrHBFOgs16mXONWN4KQRZH0frGv+egbiH
WejzMqW3Qj/mYksEW3yMZcr8HhMsucvrS6qPyc0wftdmU5wg1eNbyKT/i1EVESwQ
N5nimkx7uE0ppbToK5Uxkbq1lN/iFMSkgsfGppbfR591EMnZ9rG0spfVv1xH/lxQ
qF/XKYDDDnaoo9Feovtc434z4aOVEeAm7jHjCoKo1zMH8aHf1Ms3biQtOv7eguUo
G87HmmyzKCrM++eewKk0UiOzxzuisztAlMzWd4eNz5UrkX3E3DXGWDwHjdkDw83U
00bJjLJlH/9ylyZh/v3Gxgyz9bIU9CYo5SPrsTw0lHg5z/Tfc0n0IAkl5Foh6sDe
QRIkOt6Y9fD6MfgTZ3SVb7s//+lV2q8ezNoMJrVT/oeKOgJF9L8=
=Wblq
-----END PGP SIGNATURE-----
Notes
For continuous connections to login.csail.mit.edu, Kerberos tickets
and the related AFS tokens will expire every 10 hours.
Run renew to obtain new credentials.
After they expire, your session will
remain open, but you will have very little access to files (as
system:anyuser, the AFS equivalent of nobody.)
TIG provides scripts such as longsession and longscreen which will
automatically renew tickets and tokens for up to a week.
Run these commands with the -h flag to get more information about how
to use them.