Access PSI analysis computers

In order to obtain access to analysis computers at PSI you need to request an external user account. Please ask your local contact to open an account for you if you do not have one yet.

Once you have an account, please set up multi-factor authentication (MFA) by following the instructions here. Now you are ready to configure your ssh connection to a local machine at PSI so you can perform the analysis of your muon spin spectroscopy data. The instructions here are for a standard Linux OS. If you have another OS, you should probably switch to Linux 😉

1. Create a “~/.ssh” and “~/.ssh/tmp” folders in your home directory if you do not have them already
mkdir ~/.ssh
chmod 700 ~/.ssh
mkdir ~/.ssh/tmp

Add the following lines to the .bashrc  file in your account,
export ROOTSYS=/usr
export MUSRFITPATH=/usr/local/bin
export DKS=/usr/local/dks

2. Create a file with the name config in the ~/.ssh folder. This file uses your specific login <ext-lastname_n>, please change this accordingly. The content of the file should be as follows (download template here)

ControlMaster auto
ControlPath ~/.ssh/tmp/%h_%p_%r
Protocol 2
ForwardX11 yes
ForwardX11Trusted yes
ForwardAgent yes

     PreferredAuthentications publickey,password,keyboard-interactive
     host hop
     user <ext-lastname_n>
     DynamicForward 8118

host mpc2845
     user <ext-lastname_n>
     ProxyCommand ssh -A -W %h:%p

host mpc1940
     user <ext-lastname_n>
     ProxyCommand ssh -A -W %h:%p

host mpc1941
     user <ext-lastname_n>
     ProxyCommand ssh -A -W %h:%p

3. Only you should be able to read this file. Run the following command:
chmod 600 ~/.ssh/config

4. Now you can simply ssh to one of the analysis machines mpc2845, mpc1940 and mpc1941 (without
ssh mpc1940
Following this
i) Provide the password for your <ext-lastname_n> account (go through
ii) Confirm authentication via the MFA application on your mobile phone.
iii) Provide the password for your <ext-lastname_n> account again to access mpc1940.

5. Open musredit or any other program.

Note that you may add a configuration section for other hosts at PSI (or outside). Only hosts within PSI firewall should have the ProxyCommand line. Also, you must use the correct username instead of <ext-lastname_n> in the user line.