The National Institute for Computational Sciences

Access and Login


Introduction


The focus of this document is accessing the ACF from various terminal programs using ssh (Secure Shell). To learn how to access the ACF through OpenOnDemand in a web browser, please refer to the OpenOnDemand document. This document assumes you currently possess a valid user account and have familiarity with remote access methods.

ssh (Secure Shell)


To access ACF resources, you must connect with a Secure Shell client. In MacOS and most Linux distributions, a ssh client is built-in to the operating system. On Windows, PuTTY and MobaXterm can be used to provide ssh capability. Review the documentation on those clients to learn about their usage. Recent updates to Windows 10 have added built-in support for ssh. If it is not installed on your version of Windows, please refer to Microsoft’s documentation on OpenSSH. It can then be accessed with the Command Prompt or Windows PowerShell in the same way you would access ssh from a terminal within MacOS or Linux.

Duo Two-Factor Authentication


In addition to a ssh client, you will need the Duo app on your mobile device. The app can be downloaded from the Apple App Store for iOS users or from Google Play for Android users. New users should be automatically enrolled in Duo; existing users, however, must associate their UT NetID with their NICS account. To do this, navigate to the NICS user portal and click the link to associate your UT NetID with your NICS account. If you skipped Duo enrollment when you created your NICS account, then you must also associate your UT NetID with your account. For more information on Duo, visit their website.

Connecting to the ACF


To begin, open your ssh client. For MacOS and Linux users, this will a terminal. For Windows users, this will be one of the clients mentioned in the ssh section. Once the client opens, type ssh <NetID>@acf-login.acf.utk.edu at the prompt. Replace the <netID> argument with your UT NetID. Upon pressing enter (return), you will be prompted to provide your password. Upon authenticating, the system will then supply two Duo options:

  1. Duo Push
  2. Duo Passcode

In most cases, it is best to use the “Duo Push” option. If you choose the Push option, the Duo app will prompt you to approve the request on your mobile device. Open Duo and select "Approve." If you choose the Passcode option, you will receive a SMS message on your mobile device. Type one of these codes into the client. In either case, you will then be logged in to the ACF.

Changing the Default Shell


If you wish to change your default shell, log in to the NICS User Portal. Navigate to the “Login Information” section. Identify the “Shell” menu and select one of the available options. At the time of this writing, sh, bash, csh, ksh, and zsh are the available shells on the ACF. Click “Change” to confirm your selection. You will need to log out of the ACF and log back in for changes to the default shell to take effect. Figure 4.1 highlights the shell selection menu in the user portal.

Default Shell Selection
Figure 4.1 - Shell Selection in the User Portal

X11 Forwarding


ACF resources support X11 forwarding, which enables the use of graphical tools. To use X11 forwarding, download an X11 terminal. On most Linux distros, xterm is built-in to the operating system. On MacOS, the XQuartz system handles X11 forwarding. You can access XQuartz by typing xterm in a standard Terminal. If you are prompted to update the system, do so. Obsolete versions of XQuartz will not work with ACF resources. On Windows, PuTTY with xming support can be used to provide X11 forwarding. MobaXterm, mentioned in the SSH section, can also be used.

Once you select an X11 terminal and open it, execute the ssh -X <NetID>@acf-login.acf.utk.edu command at the prompt. If the connection does not work, replace -X with -Y. Because the option is case-sensitive, make sure you use capital letters. Upon connecting to the ACF, type xeyes or xclock to verify that the X11 system is functional. If neither of those programs work, review the documentation for the client you chose and check your X11 terminal configuration.

Troubleshooting Login Issues


Inactive Accounts

Accounts that are not used for one year are disabled. If you believe your account has been disabled for inactivity, please submit a ticket to help@acf.utk.edu.

Password Changes

If you know your current NetID password and desire to change it, navigate to the UT OIT password management page and log in. Once you authenticate with your username, password, and Duo, continue through the account protection prompt. Specify a new password that complies with UT’s password policies and accept the AUP (acceptable use policy) to change your NetID password.

If you do not know your current NetID password and desire to change it, navigate to the UT OIT password reset page. Provide the necessary information to authenticate, then continue through the account protection prompt. Provide a new password that complies with UT’s password policies and accept the AUP to change your NetID password.

If you continue to have issues with your NetID password, please submit a ticket to help@acf.utk.edu.

Key Mismatches

When you log in to the ACF for the first time, your ssh client will warn you about an unknown host key. This is normal behavior and should not cause alarm. Generally, the ssh client will show the host’s key fingerprint and ask if you wish to continue. Select “yes” when this option is presented to you. At that point, the ACF’s host key will be added to your system, which will prevent future prompts. Be aware, however, that ssh host keys can change, and when they do, the ssh client will dramatically warn you. Figure 6.1 shows this warning. It is necessary to edit your ssh known_hosts file to remedy this error. If you have reasonable suspicion that this is a legitimate security concern and not a case of mismatched keys, please submit a ticket to help@acf.utk.edu.

ssh Key Change Warning
Figure 6.1 - ssh Key Change Warning

If you receive this warning, it means that the key your system associates with the ACF is no longer valid. Again, this should not be cause for alarm unless there is reason to suspect a legitimate security concern. Instead, modify your known_hosts file to remove the old key so that ssh can register the new one. The ssh-keygen command allows you to modify this file without breaking ssh.

To edit your known_hosts file on a MacOS or Linux system, open a terminal. Type ssh-keygen -R <hostname> and press Enter (Return). Replace the <hostname> argument with acf-login.acf.utk.edu. Existing users should also run the ssh-keygen -R command with the acf-login.nics.utk.edu hostname. After this change, the warning in Figure 6.1 will no longer appear, and ssh will allow you to save the new host key. If necessary, you can retrieve deleted keys from the known_hosts.old file that is created in the ~/.ssh directory.

On updated Windows 10 systems, follow the process used to remove ssh host keys from MacOS and Linux. Both PowerShell and Command Prompt support the ssh-keygen command.

For older Windows systems that run PuTTY, ssh host keys are stored within the registry. Proceed with caution when editing the Windows registry. Incorrect modifications could result in system instability. To begin, open the Registry Editor. You can open this utility by searching for it from the Start menu or by opening the Run menu and typing regedit. When it opens, navigate to the following location from the left pane: HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys

All the host keys known to PuTTY will appear. Before you delete any of the keys, double-click on them to verify that they belong to the offending hosts. The name of the host will appear under the “Value name:” header. Figure 6.2 identifies where the hostname will appear. Once you verify that the key belongs to the offending host, right-click on it to delete it. PuTTY should then allow you to save the host’s new key upon your next login attempt.

Hostname for a ssh host key in the Windows Registry
Figure 6.2 - Hostname for a ssh host key in the Windows Registry


Last Updated: 01 / 07 / 2020