Logging on to Baskerville
Baskerville is restricted by firewall access, typically to UK IP addresses. If you are unable to connect we may need to add a firewall exception. Please contact Baskerville Support for assistance. On first login, do not use the federated identity options.
First Time Access
Once you have received an invitation to access Baskerville, follow these instructions to set up your account:
- Visit the Baskerville authentication portal New User Password page
- If you see an Error 403 warning at this point, please do not continue and contact support. Only people at the University of Birmingham are able to use the Remote Access Service mentioned there.
- Enter the email address that was registered for use with Baskerville or your Baskerville username
- You will receive an email with a link to reset your password. Select this to continue
- As part of setting your password, you will be prompted to set up 2FA
Warning: Do not close or navigate away from the QR code page until you have scanned it, else you will need to contact support to reset the process.
- You can use any TOTP compatible authenticator app such as Google Authenticator, Microsoft Authenticator or FreeOTP
- Scan the QR code
- Enter the TOTP code from the authenticator app back into the QR code page and click “Sign in” to complete 2FA setup
- Read and agree to the terms and conditions
- Set a strong password for your account
- You are now logged in to the Baskerville authentication portal. Please:
- Set your first and last names. This data will update the “GECOS” field in the login and compute systems
- (Optional) Upload your public ssh key used for logging in to Baskerville by pasting the full text of your ssh key’s .pub file into the field. If you don’t have an ssh key, we recommend following the SSH Academy guide.
- Save your updated profile
- This completes the process for first time access
One Time Password (OTP) and either your username and password or username and ssh key are needed to log in to the Baskerville system.
In addition to the Baskerville authentication portal, you may also want to check the Baskerville Admin site (see for more information about Baskerville Admin). We also have a video example of first-time access and we recommend you watch this before starting the process:
Once you have set up your Baskerville access, you should be able to access Baskerville using ssh. Baskerville requires two factor authentication, one of which must be your one time password (OTP) from the authenticator app.
You can therefore use:
- ssh key + OTP
- password + OTP
One Time Password
Whilst the OTP is a “Time-based One Time Password” (TOTP), it is only valid for a single use. If you need to open several ssh sessions, you may need to wait for a new OTP to be generated in the authenticator app: once a code has been consumed by the first ssh session, it is no longer valid.
You are required to log in regularly to keep the OTP token valid. Currently, you are required to log in at least every 365 days or you will receive a message such as:
Authentication failed. The last successful authentication was 2021-01-01 00:00:00.000000+01:00. It is to [SIC] long ago.
In this case, contact us as described under “2FA code reset”.
SSH key + OTP
In order to use an ssh key to log in, please visit the Baskerville authentication portal. On logging in you will immediately be taken to the Edit Account page where you should paste the full text of your ssh key’s .pub file into the SSH key field. Remember to click Save to save your changes.
You can add or change your key at any time by visiting the Baskerville authentication portal and updating the SSH key field.
You can only configure one ssh key at a time. You can change your key at any time, but cannot configure additional keys.
If using ssh key + OTP, you will see something like this in your ssh client when connecting:
$ ssh email@example.com
OTP code: _otp_

Password + OTP
If using password + OTP, you will see something like this in your ssh client when connecting:
$ ssh firstname.lastname@example.org
Password: _password_
OTP code: _otp_

You should use your username and password (or ssh key) as set up during the first time access process.
Usernames and passwords are case sensitive.
Once you have configured your first time password, you can use various Federated Identity options to log in to the authentication portal. You will always be prompted for your Baskerville 2FA code as part of login.
To link your federated identity, we suggest that you log in to the Baskerville authentication portal using your username, password and 2FA code, choose the “Federated Identity” link in the menu and link your account this way.
Federated Identity is only used for the Baskerville authentication portal (e.g. to log in to the Baskerville Admin system). It cannot be used when logging into the compute and login systems.
Password reset is self-service. Please visit the Baskerville authentication portal and select the “New User / Forgot Password?” link. Enter either your Baskerville username or the email address associated with your account. You will then receive a password reset email with a link to follow. The link is valid for 5 minutes. As part of password reset, you will need to enter your 2FA code before you are able to reset the password.
2FA code reset
It is currently not possible to “self-service” reset your 2FA code. If you lose access to the authenticator token due to inactivity and/or need to reset, or need to update the 2FA code due to a new device, please open a support ticket.
Having SSH’d into Baskerville using one of the processes described above you’ll find yourself logged in to a login node.
Login node use
Login nodes are intended for simple tasks such as managing your files, but not for compute tasks. We’ll walk through how to run jobs on the compute nodes in the Getting Started sections.
Baskerville currently has three login nodes named bask-pg-login03. When you log in you’re assigned one at random but your home and project folders will be available irrespective of the node. In general, you don’t need to worry about the login node you’re using.
In some very specific cases, such as to access a persistent process (maybe a tmux session) you may need to access a specific login node. In this case you can jump directly to the node (replacing the 3 as appropriate):
ssh -J email@example.com _username_@bask-pg-login01