Logging on to Baskerville
Access Restrictions
Baskerville is restricted by firewall access, typically to UK IP addresses. If you are unable to connect we may need to add a firewall exception. Please contact Baskerville Support for assistance.
First Time Access¶
Federated Identity
On first login, do not use the federated identity options.
Once you have received an invitation to access Baskerville, follow these instructions to setup your account:
- Visit the Baskerville authentication portal
- If you see an
Error 403
warning this point, please do not continue and contact support. Only people at the University of Birmingham are able to use the Remote Access Service mentioned there.
- If you see an
- Select the “New User / Forgot Password?” link
- Enter the email address that was registered for use with Baskerville or your Baskerville username
- You will receive an email with a link to reset your password
- As part of setting your password, you will be prompted to setup 2FA
- You can use any TOTP compatible authenticator app such as Google Authenticator, Microsoft Authenticator or FreeOTP
- Scan the QR code and enter the code to setup 2FA
-
Warning
Do not close or navigate away from the page containing the QR code until you have scanned it, else you will be locked-out of your account.
- Set a strong password for the account
- Once you are logged in to the Baskerville authentication portal please:
- Read and agree to the terms and conditions
- Set your first and last names, this data will update the “GECOS” field in the login and compute systems
- Upload your public ssh key used for logging in to Baskerville
- Copy the full text of your key’s
.pub
file and paste into the field - Save your updated profile
One Time Password (OTP) and either your username and password or ssh key are needed to be able to login to the Baskerville system.
In addition to the Baskerville authentication portal, you may also want to check the Baskerville Admin site (see for more information about Baskerville Admin). We also have a video example of first-time access and we recommend you watch this before starting the process:
Logging On¶
Once you have setup your Baskerville access, you should be able to access Baskerville using ssh. Baskerville requires two factor authentication, one of which must be your one time password (OTP) from the authenticator app.
You can therefore use:
- ssh key + OTP
- password + OTP
One Time Password
Whilst the OTP is a “Time One Time Password” (TOTP), it is only valid for a single use. If you need to open several ssh sessions, you may need to wait for a new OTP to be generated in the authenticator app as once it has been consumed on the first ssh session, it will no longer be valid.
You are required to regularly log in to keep the OTP token valid. Currently, you are required to login at least every 365 days or you will receive a message such as:
Authentication failed. The last successful authentication was 2021-01-01 00:00:00.000000+01:00. It is to [SIC] long ago.
In this case, contact us as per 2fa-code-reset
SSH key + OTP¶
If using ssh key + OTP, you will see something like this in your ssh client:
$ ssh <USERNAME>@login.baskerville.ac.uk
OTP code: <enter your OTP>
Password + OTP¶
If using password + OTP, you will see something like this in your ssh client:
$ ssh <USERNAME>@login.baskerville.ac.uk
Password: <enter your password>
OTP code: <enter your OTP>
You should use your username and password (or ssh key) as setup during first time access process.
Case Sensitivity
Usernames and password are case sensitive.
Federated Identity¶
Once you have configured your first time password, you can use various Federated Identity options to login to the authentication portal. You will always be prompted for your Baskerville 2FA code as part of login.
We suggest that to link your federated identity, you login to Baskerville authentication portal using your username, password and 2FA code, choose the “Federated Identity” link in the menu and link your account this way.
Federated Identity is only used for the Baskerville authentication portal (e.g. to login to the Baskerville Admin system). It cannot be used when logging into the compute and login systems.
Password reset¶
Password reset is self-service, please visit the Baskerville authentication portal and select the “New User / Forgot Password?” link. Enter either your Baskerville username or the email address associated with your account. You will then receive a password reset email with a link to follow. The link is valid for 5 minutes. As part of password reset, you will need to enter your 2FA code before you are able to reset the password.
2FA code reset¶
It is currently not possible to “self-service” reset your 2FA code. If you lose access to the authenticator token due to inactivity and/or need to reset, or need to update the 2FA code due to a new device, please open a support ticket.