Public Login Servers

TIG maintains login servers for each supported release of Ubuntu for the convenience of the community. The login servers provide access to the CSAIL AFS cell for accessing your directory space or managing your personal web page or your group’s web hosting. The name login.csail.mit.edu will be an alias for the release that TIG currently recommends for general use, but other releases will be available from time to time using the format <codename>-login.csail.mit.edu. (As of May 21, login.csail.mit.edu has been temporarily replaced with login.csail.mit.edu and we haven’t yet updated the alias.) Currently our recommended release is 18.04LTS, codenamed bionic. (For historical reasons, the servers have canonical hostnames taken from the Scooby-Doo franchise: login.csail.mit.edu and bionic-login.csail.mit.edu are currently aliases for scooby-snacks.csail.mit.edu. The previous CSAIL Ubuntu release is available on xenial-login.csail.mit.edu aka mystery-machine.csail.mit.edu.)

Accessing these servers

You must have a CSAIL account.

SSH RSA/ECDSA/ED25519 fingerprints

If your ssh client is configured for Kerberos, it will automatically verify the identity of the server you’re connecting to using its Kerberos key.

The login.csail.mit.edu keys were last changed May 21, 2019. If you have older host keys you will need to clear them by running:

ssh-keygen -R login.csail.mit.edu

To verify keys using SSHFP records add -o VerifyHostKeyDNS=yes to your ssh command line. For example, insert your username for <username> in

ssh -o VerifyHostKeyDNS=yes <username>@login.csail.mit.edu

For manual verification:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

ssh public keys for login.csail.mit.edu
last updated 2019-05-21

256 SHA256:etADmlk/UnpHn6txTdfp/w4dgechsOfFycvDaBiUknU root@scooby-snacks (ECDSA)
256 SHA256:MNo+p43q4CwjGJ/znx3cZESkOsoVC8G0igwdOsApfbA root@scooby-snacks (ED25519)
2048 SHA256:HUMW774i6CG0SXh0kod96q/SZ9RJECSr7eu8J3PE8qo root@scooby-snacks (RSA)

Jonathan Proulx
for The Infratructure Group (TIG)
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESCm83UpNGQKFezoWN8YiTSJbzX0FAlzkqesACgkQN8YiTSJb
zX04yw//QO+BlmYle1qNE8shE4x22wmfjm5yKYRPmGXQoPa6fPJERF1TvqLFgXRn
0G1unypxj8g7jMTZEzENYHrjth6ChiQ1Y9I7zYmlgJRxAM9wL6M1fhJU5LPMggz+
92SVnR37l/npKQFeWFhBGjv2jb10v8VWUbaBcrTDPo8n0Pbf1OvTFjpw47wRkqWy
ZFp7dVf9nwvPCQBUOJF9JTi7So4W+4A7SMYOwLnNpBlTSFrFMgiFVlmtmWCp5AK9
gmuU+ealEL3KWCRIHE/yr2xSY7+eIYvooNCrLezlfBR8ld8Q3AFBC5H5PTFftHfJ
FifN6+pzkb/h2n6Aq8fKDVvPJ7NqDlz7oTM2bjldRfL2BNAmxeYkQcmjgdIuG4HY
+5VjSovTTeMq+r9lvsjEcSWK3/c2IXd4zRkS1HXhgq/wy1uGhSQNMclTZPZRXaYg
Jgl8w5rVfwzMQXZbudAq2ThnAQTJcmNxHxddgYtgA5tNoXq7bGSGw5a623WUmS5m
bUgT+fqtyvhcW3FdH7zcM9wJ0BpARDem+GQWnYbqAkzSFgD1uuW1VjH6tTIGyl+U
YsqPYHMVCWERhHjdr2g6ek2CYPIjG7D9aC/eQzThAxhja9h5468xWOSyfIyUYTUW
6vRrlSz0LKcO7DnamcVkD4Gp5F44zwX6qzY3YkD3pNEEkMhzq7M=
=5dMk
-----END PGP SIGNATURE-----

Notes

For continuous connections to login.csail.mit.edu, Kerberos tickets and the related AFS tokens will expire every 10 hours. Run renew to obtain new credentials. After they expire, your session will remain open, but you will have very little access to files (as system:anyuser, the AFS equivalent of nobody.)

TIG provides scripts such as longsession and longscreen which will automatically renew tickets and tokens for up to a week. Run these commands with the -h flag to get more information about how to use them.

Many standard packages are available on these systems. A few packages can be added to your environment using ~/.software; if you still don’t see what you’re looking for, contact TIG.