Logging on to Baskerville
Baskerville is restricted by firewall access, typically to UK IP addresses. If you are unable to connect we may need to add a firewall exception. Please contact Baskerville Support for assistance.
First Time Access¶
On first login, do not use the federated identity options.
Once you have received an invitation to access Baskerville, follow these instructions to setup your account:
- Visit the Baskerville authentication portal
- Select the “New User / Forgot Password?” link
- Enter the email address that was registered for use with Baskerville
- You will receive an email with a link to reset your password
- As part of setting your password, you will be prompted to setup 2FA
- You can use any TOTP compatible authenticator app such as Google Authenticator, Microsoft Authenticator or FreeOTP
- Scan the QR code and enter the code to setup 2FA
WarningDo not close or navigate away from the page containing the QR code until you have scanned it, else you will be locked-out of your account.
- Set a strong password for the account
- Once you are logged in to the Baskerville authentication portal please:
- Read and agree to the terms and conditions
- Set your first and last names, this data will update the “GECOS” field in the login and compute systems
- Upload your public ssh key used for logging in to Baskerville
- Copy the full text of your key’s
.pubfile and paste into the field
- Save your updated profile
The username, password, OTP and ssh key are all needed to be able to login to the Baskerville system.
Once you have setup your Baskerville access, you should be able to access Baskerville using ssh. Baskerville requires two factor authentication, one of which must be your one time password (OTP) from the authenticator app.
You can therefore use:
- ssh key + OTP
- password + OTP
One Time Password
Whilst the OTP is a “Time One Time Password” (TOTP), it is only valid for a single use. If you need to open several ssh sessions, you may need to wait for a new OTP to be generated in the authenticator app as once it has been consumed on the first ssh session, it will no longer be valid.
You are required to regulary log in to keep the OTP token valid. Currently, you are required to login at least every 365 days or you will receive a message such as:
Authentication failed. The last successful authentication was 2021-01-01 00:00:00.000000+01:00. It is to [SIC] long ago.
In this case, contact us as per 2fa-code-reset
SSH key + OTP¶
If using ssh key + OTP, you will see something like this in your ssh client:
$ ssh <USERNAME>@login.baskerville.ac.uk OTP code: <enter your OTP>
Password + OTP¶
If using password + OTP, you will see something like this in your ssh client:
$ ssh <USERNAME>@login.baskerville.ac.uk Password: <enter your password> OTP code: <enter your OTP>
You should use your username and password (or ssh key) as setup during first time access process.
Usernames and password are case sensitive.
Once you have configured your first time password, you can use various Federated Identity options to login to the authentication portal. You will always be prompted for your Baskerville 2FA code as part of login.
We suggest that to link you federated identity, you login the Baskerville authentication portal using your username, password and 2FA code, chose the “Federated Identity” link in the menu and link you account this way.
Federated Identity is only used for the Baskerville authentication portal (e.g. to login to the Baskerville Admin system). It cannot be used when logging into the compute and login systems.
Password reset is self-service, please visit the Baskerville authentication portal and select the “New User / Forgot Password?” link. Enter either your Baskerville username or the email address associated with your account. You will then receive a password reset email with a link to follow. The link is valid for 5 minutes. As part of password reset, you will need to enter your 2FA code before you are able to reset the password.
2FA code reset¶
It is currently not possible to “self-service” reset your 2FA code. If you lose access to the authenticator token due to inactivity and/or need to reset, or need to update the 2FA code due to a new device, please open a support ticket.