Logging in
There are multiple sets of user accounts within the school.
There are currently at least five more-or-less separate sets of unix logins within the school:
- single sign-on (SSO): the 'new' sign-on directory, which covers many unix hosts, and some web services;
- ‘nuclear’ and ‘PPE’: (guess);
- there used to be ‘astronomy’ and ‘school unix’ accounts, but these are being phased out and migrated to the SSO accounts.
Additionally,
- There are also ‘guphysics’ accounts – a.k.a. ‘Windows’ accounts – which are accounts on the local Windows domain, which also give access to a few other school services, including the now strongly dispreferred ‘guphysics’ WiFi network.
The SSO accounts are managed by Norman Gray, the ‘guphysics’ ones by Ian Anthony, the ‘nuclear’ ones by Ken Livingston and Bryan McKinnon, and the ‘PPE’ ones by Gordon Stewart.
The SSO directory will replace the astronomy and physics logins. For further details see the SSO page. From mid-2019, there is a process of migrating from the ‘school unix’ ones to the single signon account directory.
The majority of the machines in the school are firewalled off from off-campus locations. If you wish to connect to a machine which is not one of the few exceptions, you can do so either using the VPN, or by using ‘SSH’ (see below).
If you are on-campus, or using the campus VPN (see below for instructions), you can connect directly to any of the school machines. You do not need to connect to a login/bastion machine in this case.
Using SSH §
ssh
is a secure shell protocol – it allows you to make a
secure connection to a shell on a remote computer, where ‘secure’
means both that you can have some assurance that the computer is the
computer it claims to be (and not some imposter), and that that
computer can have some confidence that you are who you say you are.
- Connecting to P&A machines using ssh
- Further general details on Wikipedia
Using the campus VPN §
The campus VPN is provided by Central IT Services. The point of the VPN is that, when you are using it, you are effectively ‘on campus’ for the purposes of connecting to machines, and using other campus-only services, such as connecting to some journals or databases.
VPNs are not guaranteed to work everywhere, and some institutional, airport or hotel wireless networks might block them, either deliberately or inadvertently. In that case, you will have to connect using the SSH bastion machines.
Campus VPN client: To download, configure, and connect to the VPN, you should use the Central IT instructions.
Some OS VPN clients will work, but not all. The advantage of these is that they're better integrated with your OS; the disadvantage is that this route is not supported by the campus help desk. When the campus VPN service was substantially expanded in early 2020, the following instructions ceased to work. Campus IT expects to restore this functionality in the fullness of time, but (as of April 2020) these instructions are at present for reference only.
OS VPN client: Some OSs have a built-in VPN client which may be used instead (see for example instructions for OS X and Windows 10). This has some advantages, in terms of better integration with the OS's networking support, and doesn't involve a separate download, but in principle it's not supported by Central IT or School IT support. Follow the platform-specific instructions above, selecting
- VPN Type: ‘IPSec’ or ‘Cisco IPSec’
- Server address:
gucsasa1.cent.gla.ac.uk
- Account name: your GUID (leave password blank, and you will be prompted each time you connect)
- Authentication settings: ‘shared secret’, and that shared secret is ‘mon13day’
- Group name: ‘vpnstaff’
Ubuntu and other Debian derivatives: To access using the built in NetworkManager, you'll need to install two openconnect packages that provide the required functionality.
- Using the terminal client, run ‘apt install network-manager-openconnect network-manager-openconnect-gnome’
- Open the network settings GUI
- Add a new VPN connection, selecting ‘Cisco AnyConnect Compatible VPN’
- In the
Gateway
field enter theServer address
above and save
On enabling the VPN from the network settings GUI, enter the following:
- GROUP: ‘Campus_Use’ or ‘Off_Campus_Use’ depending on requirements
- Username: your GUID
- Password: corresponding password to your GUID
See VPN for iOS instructions.
Alternative ways to connect §
There are some other ways to connect to the machines in the school, including VNC and x2go. Both of these have the advantage of supporting a graphical connection to the remote machine, but they also have some rather awkward disadvantages. It would be worth talking to your local IT support people if you need to make use of this.
Troubleshooting §
If you are experiencing issues, have a look at some collected notes around resolving common faults.