In order to obtain access to analysis computers at PSI you need to request an external user account. Please ask your local contact to open an account for you if you do not have one yet.
Once you have an account, please set up multi-factor authentication (MFA) by following the instructions here. Now you are ready to configure your ssh connection to a local machine at PSI so you can perform the analysis of your muon spin spectroscopy data. The instructions here are for a standard Linux OS. If you have another OS, you should probably switch to Linux 😉
1. Create a “~/.ssh” and “~/.ssh/tmp” folders in your home directory if you do not have them alreadymkdir ~/.ssh
chmod 700 ~/.ssh
mkdir ~/.ssh/tmp
Add the following lines to the .bashrc file in your account,export ROOTSYS=/usr
export MUSRFITPATH=/usr/local/bin
export DKS=/usr/local/dks
2. Create a file with the name config in the ~/.ssh folder. This file uses your specific login <ext-lastname_n>, please change this accordingly. The content of the file should be as follows (download template here)
ControlMaster auto ControlPath ~/.ssh/tmp/%h_%p_%r Protocol 2 ForwardX11 yes ForwardX11Trusted yes ForwardAgent yes
host*
PreferredAuthentications publickey,password,keyboard-interactive
host hop hop.psi.ch
hostname hop.psi.ch
user<ext-lastname_n>
DynamicForward 8118
host mpc2845
hostname mpc2845.psi.ch
user<ext-lastname_n>
ProxyCommand ssh -A -W %h:%p hop.psi.ch
host mpc1940
hostname mpc1940.psi.ch
user<ext-lastname_n>
ProxyCommand ssh -A -W %h:%p hop.psi.ch
host mpc1941
hostname mpc1941.psi.ch
user<ext-lastname_n>
ProxyCommand ssh -A -W %h:%p hop.psi.ch
3. Only you should be able to read this file. Run the following command:chmod 600 ~/.ssh/config
4. Now you can simply ssh to one of the analysis machines mpc2845, mpc1940 and mpc1941 (without .psi.ch):ssh mpc1940
Following this
i) Provide the password for your <ext-lastname_n>hop.psi.ch).
ii) Confirm authentication via the MFA application on your mobile phone.
iii) Provide the password for your <ext-lastname_n>mpc1940.
5. Open musredit or any other program.
Note that you may add a configuration section for other hosts at PSI (or outside). Only hosts within PSI firewall should have the ProxyCommand line. Also, you must use the correct username instead of <ext-lastname_n>user line.