Access PSI analysis computers

In order to obtain access to analysis computers at PSI you need to request an external user account. Please ask your local contact to open an account for you if you do not have one yet.

Once you have an account, please set up multi-factor authentication (MFA) by following the instructions here. Now you are ready to configure your ssh connection to a local machine at PSI so you can perform the analysis of your muon spin spectroscopy data. The instructions here are for a standard Linux OS. If you have another OS, you should probably switch to Linux 😉

1. Create the “~/.ssh” and “~/.ssh/tmp” folders in your home directory if you do not have them already:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
mkdir -p ~/.ssh/tmp

Add the following lines to the .bashrc file in your account:
export ROOTSYS=/usr
export MUSRFITPATH=/usr/local/bin
export DKS=/usr/local/dks

2. Create a file with the name config in the ~/.ssh folder. This file uses your specific login <ext-lastname_n>; please change this accordingly. The content of the file should be as follows:

ControlMaster auto
ControlPath ~/.ssh/tmp/%h_%p_%r
ForwardX11 yes
ForwardX11Trusted yes
ForwardAgent yes

host hopx hopx.psi.ch
    hostname hopx.psi.ch
    user <ext-lastname_n>

host mpc2845
    hostname mpc2845.psi.ch
    user <ext-lastname_n>
    ProxyJump hopx
    DynamicForward 8118

host mpc1940
    hostname mpc1940.psi.ch
    user <ext-lastname_n>
    ProxyJump hopx

host mpc1941
    hostname mpc1941.psi.ch
    user <ext-lastname_n>
    ProxyJump hopx

3. Only you should be able to read this file. Run the following command:
chmod 600 ~/.ssh/config

4. Now you can simply ssh to hopx (without .psi.ch):
ssh hopx
After running this command:
i) Provide the password for your <ext-lastname_n> account.
ii) Confirm authentication via the MFA application on your mobile phone.
iii) Keep this window open and open another terminal to ssh to one of the analysis machines mpc2845, mpc1940 and mpc1941 (without .psi.ch):
ssh mpc1940
and provide the password for your <ext-lastname_n> account again to access mpc1940.

5. Open musredit or any other program.

Note that you may add a configuration section for other hosts at PSI (or outside). Only hosts within the PSI firewall should have the ProxyJump line. Also, you must use the correct username instead of <ext-lastname_n> in the user line.
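
The options at the top of the config in step 2 sit outside any host section, so they also apply to a section you add for a host outside PSI. The shell function below is an added example, not part of the original instructions: it lists the forwarding options a config enables for every destination. The name global_forwards and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Lists forwarding options that an
# ssh client config turns on for EVERY destination: those set before the first
# Host/Match line, or inside a "Host *" / "Match all" block.
global_forwards() {
    awk '
        BEGIN { global = 1 }      # lines before the first Host apply to all hosts
        /^[ \t]*#/ { next }       # comment line
        /^[ \t]*$/ { next }       # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)   # "Key value" or "Key=value"
            key = tolower(f[1])             # keywords are case-insensitive
            if (key == "host") {
                global = 0
                for (i = 2; i <= n; i++) if (f[i] == "*") global = 1
                next
            }
            if (key == "match") { global = (tolower(f[2]) == "all"); next }
            if (global && tolower(f[2]) == "yes" && key ~ /^forward(agent|x11|x11trusted)$/)
                print key
        }
    ' "$1"
}

# Constructed sample 1: the layout used on this page, shortened.
demo_dir=$(mktemp -d)
cat > "$demo_dir/global" <<'EOF'
ControlMaster auto
ForwardX11 yes
ForwardX11Trusted yes
ForwardAgent yes
host hopx hopx.psi.ch
    hostname hopx.psi.ch
EOF

# Constructed sample 2 (an assumption, not the page's config): the same options
# scoped to the PSI hosts named on this page.
cat > "$demo_dir/scoped" <<'EOF'
ControlMaster auto
host hopx hopx.psi.ch mpc2845 mpc1940 mpc1941
    ForwardX11 yes
    ForwardX11Trusted yes
    ForwardAgent yes
EOF

echo "global layout: $(global_forwards "$demo_dir/global" | tr '\n' ' ')"
echo "scoped layout: $(global_forwards "$demo_dir/scoped" | tr '\n' ' ')"
```

To see the options OpenSSH will actually apply to one destination, run ssh -G with that host name and look at the forwardagent and forwardx11 lines.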

Another useful feature is to use this configuration to route your browser through an ssh tunnel to access the data acquisition system on our beam lines.