
Authorized users of Computerome 2.0 may log in using SSH version 2 to the interactive front-end node ssh.computerome.dk. 

Computerome 2.0 requires two-factor authentication for access:

  • Your user name is sent to you in email.
  • For first-factor authentication, use the temporary password sent to you in SMS. Change it at first login using the passwd command.
  • For second-factor authentication, use:
    • either the passcode sent to you in SMS at login attempt (the default option),
    • or install the Entrust IdentityGuard Mobile app on your mobile to receive and approve push notifications. This is how you set up the soft token.


In Computerome 2.0, the Entrust IdentityGuard Mobile app is the only software token available for second-factor authentication; no other software token (e.g. Google Authenticator) is available.


Please note: lifsci is a fictional user for educational purposes. Please replace it with the username sent to you: <username>@ssh.computerome.dk

ssh lifsci@ssh.computerome.dk
 
#############################################################
#                                                           #
#                 Welcome to Computerome 2.0                #
#                                                           #
#                         NOTICE !!!                        #
#        This system requires 2-factor authentication       #
#                                                           #
#       To login, type your password and press Enter.       #
#     This sends either an SMS passcode to your mobile      #
#    or a push-notification to Entrust IdentityGuard app.   #
#   If the push-notification times out, a new prompt line   #
#    asks for the 8 digit security code shown in the app.   #
#                                                           #
#           BY LOGGING INTO THIS SYSTEM YOU ACCEPT          #
#         COMPUTEROME'S TERMS AND CONDITIONS OF USE.        #
#                                                           #
#############################################################
 
Password: #Type your password here and press Enter, this will trigger the second-factor authentication and the cursor will pop up in the next line.
 
_ #Confirm the second-factor authentication request here by either entering the passcode received in SMS or confirming the Entrust push-notification on your mobile.
 
Enter a response from your token with serial number 06679-04429. #Pops up only when the Entrust push-notification times out. Type the 8 digit Entrust passcode here and press Enter.
 
Last login: Fri Jan 10 12:10:38 2020 from <some IP address>
 
[lifsci@g-12-l0002 ~]$

Windows PC users

Windows PC users are recommended to use the free Windows SSH client PuTTY for command-line SSH login to Computerome. If you need to display graphical tools from Computerome on your Windows PC, PuTTY will forward your X11 (a.k.a. X-Windows) display onto your PC.

However, in order for Windows to actually display X11, you need to install an X11 server on your PC. Please see the excellent X11 on Windows page on Niflheim Wiki for further information.

Several commercial solutions are also available; some, such as MobaXterm, even provide bundled SSH and X11 functionality.

MobaXterm and 2-factor authentication

MobaXterm does not "play nice" with 2-factor authentication.

By default, MobaXterm opens an embedded SFTP browser (called SSH-browser) when you start the terminal. This does not work with 2-factor authentication, because it attempts to start two different connections simultaneously, resulting in unwanted behavior in your login.

To avoid this, you need to make the following changes to MobaXterm:

Settings => Configuration => SSH

SFTP settings
[ ] Enable graphical SSH-browser                                    <-- must be unchecked
[ ] Automatically switch to SSH-browser tab after login             <-- must be unchecked

Sessions settings
[V] Use 2-factor authentication for SSH gateways                    <-- must be checked 

You should always create a new connection in MobaXterm by clicking

Session => SSH/SFTP/SCP/<whatever>

If you try using ssh-type commands in the MobaXterm terminal window, 2-factor authentication will fail.

Copy and paste problems on Computerome X applications when using XQuartz server on Mac

Ensure that your XQuartz → Preferences → Pasteboard settings are:
Enable syncing: y
Update Pasteboard when CLIPBOARD changes: n
Update CLIPBOARD when Pasteboard changes: y
Update PRIMARY (middle-click) when Pasteboard changes: y
Update Pasteboard immediately when new text is selected: n

SFTP Client Configurations

In order to use most FTP/SFTP clients on a 2-factor system, you will need to limit the maximum simultaneous connections to avoid multiple login prompts. You should also set up Entrust as your two-factor authentication method.
Below is how to set up the most commonly used clients.

FileZilla - free FTP solution

Changes have been made in recent versions, which means that Quickconnect no longer works with 2-factor authentication.

GLOBAL
Go to Edit->Settings->Transfers 
Change Maximum simultaneous transfers to 1
SITE PROFILE / BOOKMARK
Go to File->Site Manager->(your profile)->Transfer settings
Check Limit number of simultaneous connections
Change Maximum number of connections to 1
Change Login type to Interactive

WinSCP - Free SFTP, SCP, S3 and FTP client for Windows

Seems to be a good solution for Windows.

Cyberduck - storage browser for Mac and Windows

The current Cyberduck version works with our Two-Factor Authentication as long as it is Entrust. 

GLOBAL
Go to Edit->Preferences->Transfers
Change Transfer Files to Use browser connection
SITE PROFILE / BOOKMARK
Right click your profile and select Edit Bookmark
Change Transfer Files to Use browser connection

Login access restrictions

Please note that for reasons of security, SSH login access is only possible from the known Internet domains of authorized users.

If your connection terminates unexpectedly

If you are connecting to Computerome through a slightly unstable connection (Internet/WAN/similar), you may experience that it terminates with messages like

packet_write_wait: ... Broken pipe error.
In such a case you could try adding the following to your ~/.ssh/config
ServerAliveInterval 60
If you are on Windows, using PuTTY, the equivalent is to set
PuTTY Configuration => Connection => Seconds between keepalives (0 to turn off): 60
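
An added example, not part of the Computerome documentation: a per-host stanza for ~/.ssh/config that scopes the keepalive above to this host and reuses one authenticated connection, so that a later scp or sftp from the same machine does not trigger a second two-factor prompt. The Host alias computerome is hypothetical, lifsci is the fictional user from this page, and connection sharing assumes the front-end node permits multiplexed sessions, which this page does not state.

```sshconfig
# ~/.ssh/config  (added example; keep this file readable by you only: chmod 600)

Host computerome
    HostName ssh.computerome.dk
    # Fictional user from this page; replace with the user name sent to you.
    User lifsci

    # Keepalive from the section above, limited to this host:
    # send a probe after 60 seconds without traffic from the server.
    ServerAliveInterval 60
    # Give up after 3 unanswered probes (about 3 minutes) instead of hanging.
    ServerAliveCountMax 3

    # Assumption: the front-end allows multiplexed sessions.
    # The first "ssh computerome" authenticates (password + second factor);
    # later ssh/scp/sftp calls to the same alias reuse that connection.
    ControlMaster auto
    # %C is a hash of local host, remote host, port and user, so the socket
    # name is unique per destination. ~/.ssh should be mode 700.
    ControlPath ~/.ssh/cm-%C
    # Keep the shared connection for 10 minutes after the last session closes.
    ControlPersist 10m
```

Any process running under your local account can open sessions through the control socket without a new second-factor check, so keep ControlPersist short on shared workstations and close the shared connection with `ssh -O exit computerome` when you are done. `ssh -G computerome` prints the effective settings if you want to confirm the stanza is picked up.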