Public Login Servers

TIG maintains login servers for each supported release of Ubuntu for the convenience of the community. The login servers provide access to the CSAIL AFS cell for accessing your directory space or managing your personal web page or your group’s web hosting. The name login.csail.mit.edu will be an alias for the release that TIG currently recommends for general use, but other releases will be available from time to time using the format <codename>-login.csail.mit.edu. Currently our recommended release is 22.04LTS, codenamed jammy. (For historical reasons, the servers have canonical hostnames taken from the Scooby-Doo franchise: login.csail.mit.edu and jammy-login.csail.mit.edu are currently aliases for zoinks.csail.mit.edu. The previous CSAIL Ubuntu release is available on bionic-login.csail.mit.edu aka scooby-snacks.csail.mit.edu and xenial-login.csail.mit.edu aka mystery-machine.csail.mit.edu.)

Accessing these servers

You must have a CSAIL account.

SSH RSA/ECDSA/ED25519 fingerprints

If your ssh client is configured for Kerberos, it will automatically verify the identity of the server you’re connecting to using its Kerberos key.

The login.csail.mit.edu keys were last changed June 7, 2022. If you have older host keys you will need to clear them by running:

ssh-keygen -R login.csail.mit.edu

To verify keys using SSHFP records add -o VerifyHostKeyDNS=yes to your ssh command line. For example, insert your username for <username> in

ssh -o VerifyHostKeyDNS=yes <username>@login.csail.mit.edu

For manual verification:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

ssh public keys for login.csail.mit.edu
last updated 2022-06-07

3072 SHA256:/pRV6N25A95nI/iOTfhCPQ11528aK2SyMUVJo3BPRwg root@zoinks (RSA)

256 SHA256:X/MLn3A1rdWmyNKFdimx4DRaJC7OcU/Kii7WQT67Eyw root@zoinks (ECDSA)

256 SHA256:qRzY9+0yGZVsCEyLNBFCdvz36v4V+8BkscVjN0l5GFQ root@zoinks (ED25519)

Jonathan Proulx
for The Infratructure Group (TIG)
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESCm83UpNGQKFezoWN8YiTSJbzX0FAmKfbZ0ACgkQN8YiTSJb
zX1JJg/9EGTD+TXQ7ZktkK1l821dyHmZzjd7QnlOWiWV1xt0nnO0hCsmLI4LYiLP
oB2fZVxqYki/Ds9sCmYuFtFT/PDXFvHpvrla1bsQqxg9JbmDXlQLMuEC7Veck0yE
IiD1cSjUMuNY8zoHaN8JqKTZz8QFBorpd2u0oqstmkAeoGfGOEeSeKBAKVYAmhNI
hTXCGomnuLmXio/5Bnz330VIiavpvVNVV7YPzGcwtu15V2yIM8/Ulq7U+MTFSsfG
pOPCGMN1rWmHzmkswujBMMfsoRsHVmyQrHBFOgs16mXONWN4KQRZH0frGv+egbiH
WejzMqW3Qj/mYksEW3yMZcr8HhMsucvrS6qPyc0wftdmU5wg1eNbyKT/i1EVESwQ
N5nimkx7uE0ppbToK5Uxkbq1lN/iFMSkgsfGppbfR591EMnZ9rG0spfVv1xH/lxQ
qF/XKYDDDnaoo9Feovtc434z4aOVEeAm7jHjCoKo1zMH8aHf1Ms3biQtOv7eguUo
G87HmmyzKCrM++eewKk0UiOzxzuisztAlMzWd4eNz5UrkX3E3DXGWDwHjdkDw83U
00bJjLJlH/9ylyZh/v3Gxgyz9bIU9CYo5SPrsTw0lHg5z/Tfc0n0IAkl5Foh6sDe
QRIkOt6Y9fD6MfgTZ3SVb7s//+lV2q8ezNoMJrVT/oeKOgJF9L8=
=Wblq
-----END PGP SIGNATURE-----

Notes

For continuous connections to login.csail.mit.edu, Kerberos tickets and the related AFS tokens will expire every 10 hours. Run renew to obtain new credentials. After they expire, your session will remain open, but you will have very little access to files (as system:anyuser, the AFS equivalent of nobody.)

TIG provides scripts such as longsession and longscreen which will automatically renew tickets and tokens for up to a week. Run these commands with the -h flag to get more information about how to use them.

Many standard packages are available on these systems. A few packages can be added to your environment using ~/.software; if you still don’t see what you’re looking for, contact TIG.