How do I connect to CAEN's Linux Login Service using Secure Shell (SSH)?
- On Campus - SSH on Windows Computers
- On Campus - SSH on Linux & Mac OS Computers
- Off Campus - Using Duo Two-Factor Authentication
On Campus - SSH on Windows Computers
Windows does not provide built-in SSH software, but several third-party programs are available. All CAEN Windows computers offer an SSH program called PuTTY. When you first open PuTTY, a window similar to the one shown below will appear. To connect to CAEN's Linux Login Service when on-campus, enter oncampus-course.engin.umich.edu as the Host Name, and make sure SSH is selected as the Connection Type:
Upon clicking the Open button, a window will appear and prompt you to log in. Enter your U-M uniqname at the login as prompt, and press Enter. Then when prompted, enter your UMICH password, and press Enter again:
Note: The first time that you use PuTTY to connect to a particular server, you will be asked if you are sure that you want to connect, e.g.:
This is a precaution built into SSH that gives you the opportunity to verify the authenticity of the host before you enter your password. If you are connecting to a known CAEN host, simply click the Yes button to accept the host's fingerprint. This does not actually verify the authenticity of the host. If you have questions about this prompt, or believe you may be the victim of a man in the middle attack, send a description of your concerns to email@example.com.
PuTTY is available for free download at:
On Campus - SSH on Linux & Mac OS Computers
Linux and Mac OS both have built-in, command-line SSH programs. To connect from one Linux or Mac OS computer to another, simply type ssh host at the Terminal prompt, where host is either the alphanumeric hostname or numeric Internet Protocol (IP) address of the host. To connect to the CAEN Linux Login Service, for example:
example% ssh oncampus-course.engin.umich.edu
If the local user name on your personal computer is different from your U-M uniqname, you will need to specify your uniqname in the command as shown below:
example% ssh firstname.lastname@example.org
The first time that you run SSH to connect to a particular computer, you will be asked if you are sure that you want to connect, e.g.:
The authenticity of host 'example (192.168.1.2)' can't be established.
RSA key fingerprint is 6f:8c:47:bf:63:5f:e2:fb:80:5b:48:1a:db:81:cc:34.
Are you sure you want to continue connecting (yes/no)?
As described above with PuTTY, this is a precaution built into SSH that gives you the opportunity to verify the authenticity of the host before you enter your password. If you are connecting to a known CAEN host, simply respond by fully typing yes and pressing Enter to accept the host's fingerprint.
For more information on SSH, type man ssh.
Off Campus - Using Duo Two-Factor Authentication
Off-campus access to the CAEN Linux Login Service requires the use of Duo two-factor authentication (2FA). All that is needed is to enroll a device. Once your device is enrolled in Duo, you can connect to the Linux Login Service from off-campus using SSH with the following host: login-course-2fa.engin.umich.edu
For example, using PuTTY as described above, enter the Host Name field as shown below:
Upon clicking the Open button, a window will appear and prompt you for your UMICH password. After you enter your password and press Enter, you will then be prompted to authenticate with Duo. If you have more than one device enrolled with Duo, you will be given the option to choose which one to use:
Enter the code from your chosen device, and press Enter. You will then be provided with the normal Linux prompt on the login server.
This process will be the same when using the ssh command from the Terminal prompt on a Linux or Mac OS computer; simply change the host in the command:
example% ssh email@example.com