Skip to content

Logging on to Baskerville

Access Restrictions

Baskerville is restricted by firewall access, typically to UK IP addresses. If you are unable to connect we may need to add a firewall exception. Please contact Baskerville Support for assistance.

First Time Access

Federated Identity

On first login, do not use the federated identity options, use your Baskerville username and password only.

We have a video example of first-time access and we recommend you watch this before starting the process:

Once you have received an invitation to access Baskerville, follow these instructions to setup your account:

  1. Visit the Baskerville authentication portal New User Password page
    • If you see an Error 403 warning this point, please do not continue and contact support. Only people at the University of Birmingham are able to use the Remote Access Service mentioned there, but you can use your institution’s VPN if is based in the UK but you currently are not
  2. Enter the email address that was registered for use with Baskerville or your Baskerville username
    • You will receive an email with a link to reset your password. Select this to continue
  3. As part of setting your password, you will be prompted to setup a TOTP (Time-based One Time Password) for 2FA
    • Warning

      Do not close or navigate away from the QR code page until you have scanned it, else you will need to contact support to reset the process.
    • You can use any TOTP compatible authenticator app such as Google Authenticator, Microsoft Authenticator or FreeOTP
    • Scan the QR code
    • Enter the TOTP code from the authenticator app back into the QR code page and click “Sign in” to complete 2FA setup
  4. Read and agree to the terms and conditions
  5. Set a strong password for your account
  6. You are now logged in to the Baskerville authentication portal. Update your information:

    • Set your first and last names, this data will update the “GECOS” field in the login and compute systems
    • Tip

      At this stage you can also upload your public ssh key used for logging in to Baskerville by pasting the full text of your ssh key’s .pub file into the field. If you don’t have an ssh key, we recommend following the SSH Academy guide. ~/.ssh/authorized_keys is ignored by Baskerville.
    • Save your updated profile
  7. This completes the process for first time access, you can now use the federated identity options to associate your account with your institutions account.

One Time Password (OTP) and either your username and password or username and ssh key are needed to log in to the Baskerville system.

In addition to the Baskerville authentication portal, you may also want to check the Baskerville Admin site (see for more information about Baskerville Admin).

Logging On

Once you have setup your Baskerville access, you should be able to access Baskerville using ssh. Baskerville requires two factor authentication, one of which must be your one time password (OTP) from the authenticator app.

You can therefore use:

  • ssh key + OTP
  • password + OTP

One Time Password

Whilst the OTP is a “Time One Time Password” (TOTP), it is only valid for a single use. If you need to open several ssh sessions, you may need to wait for a new OTP to be generated in the authenticator app as once it has been consumed on the first ssh session, it will no longer be valid.

You are required to regularly log in to keep the OTP token valid. Currently, you are required to login at least every 365 days or you will receive a message such as:

Authentication failed. The last successful authentication was 2021-01-01 00:00:00.000000+01:00. It is to [SIC] long ago.

In this case, contact us as per 2fa-code-reset

SSH key + OTP

In order to use an ssh key to log in, please visit the Baskerville authentication portal. On logging in you will immediately be taken to the Edit Account page where you should paste the full text of your ssh key’s .pub file into the SSH key field. Remember to click Save to save your changes.

You can add or change your key at any time by visiting the Baskerville authentication portal and updating the SSH key field.

Multiple keys

You can only configure one ssh key at a time. You can change your key at any time, but cannot configure additional keys.

If using ssh key + OTP, you will see something like this in your ssh client when connecting:

$ ssh _username_@login.baskerville.ac.uk
OTP code: _otp_

Password + OTP

If using password + OTP, you will see something like this in your ssh client when connecting:

$ ssh _username_@login.baskerville.ac.uk
Password: _password_
OTP code: _otp_

You should use your username and password (or ssh key) as setup during first time access process.

Case Sensitivity

Usernames and password are case sensitive.

Federated Identity

Once you have configured your first time password, you can use various Federated Identity options to login to the authentication portal. You will always be prompted for your Baskerville 2FA code as part of login.

We suggest that to link your federated identity, you login to Baskerville authentication portal using your username, password and 2FA code, choose the “Federated Identity” link in the menu and link your account this way.

Federated Identity is only used for the Baskerville authentication portal (e.g. to login to the Baskerville Admin system). It cannot be used when logging into the compute and login systems.

Password reset

Password reset is self-service, please visit the Baskerville authentication portal and select the “New User / Forgot Password?” link. Enter either your Baskerville username or the email address associated with your account. You will then receive a password reset email with a link to follow. The link is valid for 5 minutes. As part of password reset, you will need to enter your 2FA code before you are able to reset the password.

2FA code reset

It is currently not possible to “self-service” reset your 2FA code. If you lose access to the authenticator token due to inactivity and/or need to reset, or need to update the 2FA code due to a new device, please open a support ticket.

Login nodes

Having SSH’d into Baskerville using one of the processes described above you’ll find yourself logged in to a login node.

Login node use

Login nodes are intended for simple tasks such as managing your files, but not for compute tasks. We’ll walk through how to run jobs on the compute nodes in the Getting Started sections.

Baskerville currently has three login nodes named bask-pg-login01, bask-pg-login02 and bask-pg-login03. When you log in you’re assigned one at random but your home and project folders will be available irrespective of the node. In general, you don’t need to worry about the login node you’re using.

In some very specific cases, such as to access a persistent process (maybe a screen or tmux session) you may need to access a specific login node. In this case you can jump directly to the node (replacing the 1 with 2 or 3 as appropriate):

ssh -J _username_@login.baskerville.ac.uk _username_@bask-pg-login01