Connecting to DIaL3
Hostnames
Once you have requested access to DIaL3, you can access the login nodes using an SSH client and the generic (round-robin) address:
dial3.dirac.ac.uk
,
if necessary, you can also SSH directly to a specific login node, using the following hostnames
d3-login01.rcs.le.ac.uk
ord3-login02.rcs.le.ac.uk
For example:
$ ssh your_username@d3-login02.rcs.le.ac.uk
Multifactor Authentication (MFA)
All users are required to use Two factor authentication when accessing DIaL. We support:
- Time-based One-Time Passwords (TOTP). This is the prefered form of second factor for DIaL.
- Email OTP as an alternative for people that do not have a smartphone or cannot install a TOTP App.
You can setup both types of OTP (email-OTP and TOTP) if that is more convenient for you, and they can be used interchangeably at the point you login.
To setup your OTP tokens visit https://auth.dirac.ac.uk (https://www629.lamp.le.ac.uk). Log in using your normal DIaL username and password.
You will then be prompted to enter a One Time Password (OTP).
If this is the first time you have logged onto the portal a six-digit One-Time-Password will be sent to the email address that you registered with SAFE. Enter the OTP code in order to complete the login process.
Using TOTP
With QR code
Warning
Before beginning make sure that you have a TOTP App installed on your PC or smartphone (for instance Authy, Google Authenticator, Microsoft Authenticator, LastPass)
Select the "Enroll OATH Soft token" tab.
Now select "enroll your time base token". Take a screenshot of the QR code using your favourite OTP App.
Warning
The QR code will only be displayed once
It contains the shared secret that will be used to generate TOTP codes the QR code and secret must not be shared with anyone else.
From now on you will be able to access DIaL3 your regular DiRAC username and password along with the TOTP from your App.
$ Password:
$ Your OTP:
Without QR code reader
The QR code contains the shared secret that is used to generate TOTPs. The secret is a 52-letter code, scanning a QR code is normally the quickest and least error prone way of importing the secret into a TOTP App.
However, you may not have access to a QR code reader, for example, because
- You do not have a smartphone
- You do not have a working camera
- You cannot install a TOTP App on your phone (e.g. workphone)
- You would prefer to use a Desktop OTP App (which may have no way to read QR codes).
Fortunately, it is usually possible to import a secret into a TOTP App manually.
Firstly, you should create a soft token as describe in previous section. Right-click on the QR code and copy the URL. Past the URL into a text editor. You will see the 52-letter secret in the URL
otpauth://totp/DiRAC?secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&issuer=DiRAC
Manually create a new account in your TOTP App and enter the secret when prompt. The exact instructions differs depending on the application.
Warning
If you are using a Desktop TOTP App, rather than a smartphone App you must password protect the App.
Using Email OTP
It is also possible to have OTPs sent to you via Email. Select the "Set PIN"tab
Click on the email token in the left-hand panel (it will begin LSEM). Enter a 4 digit PIN. Finally click on "set PIN".
From now on you will be able to access DIaL3 your regular DiRAC username and password along with the PIN and the email OTP:
$ Password: <enter password>
$ Your OTP: <enter PIN>
$ e-mail sent successfully<enter OTP>
SSH Multiplexing
If you frequently open multiple, simultaneous SSH sessions to DIaL, you may find it convenient to set up multiplexing.
OpenSSH (Linux)
Create (or edit) the file ~/.ssh/config, and add
Host dial3.dirac.ac.uk
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p.socket
Host d3-login01.dirac.ac.uk
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p.socket
Host d3-login02.dirac.ac.uk
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p.socket
Putty,
Putty Configuration > Connection > SSH > 'Share SSH connections if possible'