Toolserver:Logging in
This page was moved from the Toolserver wiki.
Toolserver has been replaced by Toolforge. As such, the instructions here may no longer work, but may still be of historical interest.
Please help by updating examples, links, template links, etc. If a page is still relevant, move it to a normal title and leave a redirect.
Getting started |
---|
There are two types of user servers: web servers and login servers. Unless you need to view the HTTP logs or debug a CGI problem, you wouldn't normally log in to the web servers. The two login servers, which you will want to be using most of the time, are willow
and nightshade
. These are identical; see user servers for more details.
Authentication is done via SSH public keys. There is no need (and no possibility) to use a password to log in; your client will present the private part of your SSH key, and the server will grant you access. You should treat your SSH private key like a password; if it's compromised, you need to change it immediately. Your public key is not secret, and you can use the same public key on many systems.
(You might be asked to enter a passphrase when authenticating; this is not your Toolserver password, it's only used to encrypt your private key on your own computer, in case someone steals it. This passphrase is never sent to the Toolserver, and you can change it at any time.)
Using SSH on Windows
editThere are several SSH clients for Windows. The most popular is PuTTY, which is free and provides a GUI interface; other options include the Cygwin OpenSSH client (free, command-line), and SecureCRT (commercial, GUI).
A tutorial for using PuTTY for SSH login can be found at http://unixwiz.net/techtips/putty-openssh.html
Creating an SSH key
editYour SSH client should provide a way to generate an SSH key. If it asks you what format to store the public key in, choose OpenSSH. If that's not an option, use IETF SECSH.
If your SSH client doesn't provide a way to generate a key, you can use puttygen
, the PuTTY key generation utility:
- Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- Download
puttygen.exe
- Open it and follow the instructions
Logging in with PuTTY
editIf you are using PuTTY, you need to fill in the "host name" with either willow.toolserver.org
or nightshade.toolserver.org
, then locate your SSH key (under Connection->SSH->Auth). Don't change any of the other settings, and click "open". Verify the fingerprint against https://fingerprints.toolserver.org. Then log in with your user name and the passphrase for your private key.
Most SSH clients provide a way to save session settings, so you don't have to enter the details every time.
Using SSH on Unix or Linux
editMost modern Unix systems include the OpenSSH client. To generate a key, run:
$ ssh-keygen -t rsa
This will store your private key in $HOME/.ssh/id_rsa
, and your public key in $HOME/.ssh/id_rsa.pub
. You can use different filenames, but these are the default filenames, so it's easiest to not change them.
To log in to the server, run:
$ ssh <username>@<server>.toolserver.org
You may be prompted for the passphrase you used when generating your key. <server> must be one of the login servers.
If your Toolserver username is the same as your local username, you can just use
$ ssh <server>.toolserver.org
If you would rather use a GUI client, a version of PuTTY (above) is also available for Unix.
Getting in
editWhen you log in, you might be asked to confirm the toolserver's key fingerprint. They are available at https://fingerprints.toolserver.org.
After logging in, you will be presented with:
- The current message-of-the-day
- Whether you have new local mail
- The date, time and location of your last login
- Whether you are already logged in, and where from
- Whether you have any detached
screen
sessions - The date your account will expire
- Whether you have exceeded your disk quota
- Any new system news
Occasionally, you might have a reason to log into the web servers, e.g. to examine the web server logs. Because home directories are shared between both systems, you can use the same SSH key to log in; follow the same procedure as above.
Sample
editlogin as: example Authenticating with public key "NAMEOFMYKEY" Passphrase for key "NAMEOFMYKEY": This is the Wikimedia Toolserver. Rules: https://wiki.toolserver.org/view/Rules Documentation: https://wiki.toolserver.org/view/Getting_started This is the Linux login server. There is also a Solaris login server at willow.toolserver.org. Last login: Fri Mar 04 10:51:48 2022 from 1-2-3-4.example.com Your account will expire on Sunday, 4 May 2025. You are already logged in from the following host(s): 1-2-3-4.example.com (pts/85) The following screen sessions are active under this account: 16186.pts-62.nightshade example@nightshade:~$ _
Using multiple keys
editYou may be in a situation where you need to use multiple identities accessing the toolserver, for instance you work in a company forbidding you to bring and use your personal key, but allowing their equipment to be used for beneficial purposes like maintaining tools during break times. Then you have to add an additional public key on the toolserver in order to have it recognized. In order to do so, you need to login with an already existing key at least once. If you cannot do so, you need administrator assistance, otherwise follow the procedure outlined below.
Adding a key from Unix or Linux
editIf you do not have one already, generate an additional keypair on your local machine:
$ ssh-keygen -t rsa -f 4toolserver
replacing 4toolserver
with a name of your choice. Then have the public key in your $HOME/.ssh/4toolserver.pub
uploaded and added to your $HOME/.ssh/authorized_keys
on the toolserver:
$ ssh-copy-id -i 4toolserver nightshade.toolserver.org
You will be prompted for the passphrase of your old key and your old key will be used to log into the toolserver, add the new key, and log out. When that is done, you should be able to log in with either keypair. (As a safety measure, you may copy your $HOME/.ssh/authorized_keys
on the toolserver to a safe place, stay logged in there from another shell during the update, and copy the file back, should you loose your ability to login due to an error)
If you need to use the new key from a different machine or location, you need to move $HOME/.ssh/4toolserver
there in a secure way.