Skip to end of metadata
Go to start of metadata
Table of Content

Service Level Agreement

Name of Service

Remote Login Shell Service, "login" for short.

Service Description

The service provides the possibility to securely login to and receive a shell environment on a Unix/Linux system. The only intended operation of that login shell is to securely login to other Jacobs University machines, typically those behind Jacobs University's firewalls which are not reachable from outside Jacobs University's network.

The login shell is a typical Unix/Linux command line, it does not provide a graphical user environment. X11 forwarding is possible.

The host name to connect to is login.jacobs-university.de. The account name to use for login to this service is the CampusNET account and password. Protocol to use is SSH either version 2 or version 1. After suitable key generation and configuration done by the user, public-key based login is also possible, with RSA key for ssh protocol versions 1 and 2, DSA key for protocol version 2.

No persistence of personal information is available.

The service is not intended to run any computing or compiling jobs, to read emails, or other interactive or batch use. Resource quotas are in effect, including CPU time, number of processes, and hard disk space.

Resource

Type

Value

Description

cpu

soft

25

CPU Time in Minutes per process

 

hard

35

CPU Time in Minutes per process

nproc

soft

128

Max. number of concurrent runnings processes per user

 

hard

196

Max. number of concurrent runnings processes per user

maxlogins

soft

16

Max. number of concurrent logins per user

 

hard

24

Max. number of concurrent logins per user

quota

soft

10240

Filesystemquota in kb per user

 

hard

15000

Filesystemquota in kb per user

Service Products

Service product is the world-wide availability of the ssh protocol and login capability on login.jacobs-university.de.

Service Customer

(warning) Currently none.

Service User

Jacobs University members with a valid CampusNET/LDAP/VPN and CLAMV account.

Service Continuity

The service is provided until end of May 2009.

This SLA is fixed until July 2007.

Service Availability

The service is available 24/7.

Service Reliability

The service is 99% reliable, calculated per month.

Service Charging

No costs for service provisioning is charged to the Service Customer or Service User.

Service Security

The RSA key fingerprint of the ssh service of login.jacobs-university.de in md5 is:

1f:c5:a8:97:cf:1f:22:59:17:9f:ad:1e:ca:41:6a:17

The SSH RSA public key is

AAAAB3NzaC1yc2EAAAABIwAAAIEAxbOl2fR4XrUBsaFSEK7sXQcfqmPExrFI7wYiN1qsYJ8uwPyo55cIm0K83aQXw47om 0EINpc0PkohnsdwsQ/YMEMp7fnLoZ3+9OSL8EGOkrGj8QCe/PuEtKsTn9v1EVsyfOXIzeZm8UvHRs0qv+a9oFNYlFgf1wcq/Enzp4 gMGzE=

Download this file and add the content to your known_hosts file.

This finger print and SSH RSA public key are valid infinitely.

The Service User must ensure authenticity of the target host system themself.

ssh protocol version 2 and version 1 is offered, in this order. Using version 2 is recommended.

After suitable key generation and configuration done by the user, public-key based login is also possible, with RSA key for ssh protocol versions 1 and 2, DSA key for protocol version 2.

Service Prerequisites

The Service User must have a valid CampusNET/LDAP/VPN account and a valid CLAMV account.

Service Customer/User Responsibility

The Service User must ensure authenticity of the target host system themself.

The Service User must be knowledgable of how to use a Unix/Linux command line.

The Service User must have hir CampusNET account information to use this service.

If public key authentication is to be used, the Service User must take the necessary steps of generating an appropriate key and configuring the service.

Service Support

Support Extent

The Service Desk for Faculty and Staff

  • ensures availability of the remote login shell service,
  • updates operating system and installed software as appropriate,
  • provides information on configuration of the server processes.

Support Channels

Service support can be reached by employing the Service Desk for Faculty and Staff contact channels.

Support Availability

Service support is available during Service Desk for Faculty and Staff hours.

Service Workflows

Instantiation Workflow

There is no application workflow. Service Users as defined above are automatically eligible for this service.

Logging into the remote login shell service the first time automatically creates the user's home directory.

Operational Workflows

There are no operational workflows.

Decomission Workflow

As soon as the Service User as defined above is no longer eligible for this service, the user's content is subject for removal by IRC-IT without further notice. Service Users should plan ahead how to access their internal Jacobs University services before change of status or before leaving Jacobs University.

Key Performance Indicators

Monthly availability numbers as reported by IRC-IT's monitoring system.

Measurements of Key Performance Indicators

Availability SSH/SCP Service

External pages show the availability of this service for last month and, for informational purposes only, for the last 7 days.

Live System Status

The live status of the system implementing the service can be seen at this external page.

Additional Links

Server-side Software Documentation

Potential Client-side Software

Windows Tools

putty is the recommended tool for Windows users, online documentation is available.

TeraTerm Pro Web is an alternative.

Both tools are freeware.

Putty with SSH v1

If you need to to use Putty with SSH version 1 please ensure to mark Attempt TIS or CryptoCard auth (SSH-1) in Putty. You will find this in Connection -> SSH -> Auth. Whenever possible use SSH v2.

Unix/Linux

Each Unix/Linux installation comes with a ssh command line program. A man page is available via man ssh.

11 Comments

  1. Is it OK to use a key-pair based authentication to log in into this service?

    1. Sure! I have amended the above SLA to this effect.

  2. I am having trouble accessing the CWC cluster after logging in using this service. ssh to clamv works but not even from there is the CWC cluster accessible, is this a general policy, a problem on my side, or is the cluster just gone!?

    Thanks again (smile)

    Stefan

    1. Sorry, we can not reproduce the issue, because "The CWC cluster" is not run by IRC-IT or CLAMV. Please contact the system administrator of that system for investigation about their setup, eventual firewalling, login services, etc.

  3. I have trouble to login with Putty on Windows Vista. After sending the password the window close itself. I don't have this troubles if I use it to connect to other servers.

    1. Configure your putty to use ssh v2 only. that might work

      Mario Kaiser

  4. Getting a remote desktop? nxclient? xnest?

    I am logging into the remote shell using ssh -X currently, which gives me X11 forwarding of graphical applications.

    Now, I would like to have an entire remote desktop forwarded onto my machine (say, into a window)... Is that possible?

    I saw a Vista user on campus using this system: Look at the following screenshot: http://img3.freeimagehosting.net/image.php?3688f9a9c3.jpg

    My current OS is Archlinux. Packages won't be a problem. If i am not able to find what I need I will just compile it myself.

    1. How did the Vista user achieve it?

    2. This should be possible in at least two ways:

      • On the destination system a remote desktop service is configured.
        In openSUSE this is possible, there a VNC server is able to be configured and it might be
        possible to connect to using a special credential.
      • Using putty a tunnel is added to the ssh connection to the linux machine, forwarding local requests to port 5900 to the destination system. When logged in to the remote system a rfb server is started and from the local machine a VNC session is initiated to localhost port 5900 (or the port used by the rfb server).

      I was unable to achieve the latter in a quick-and-dirty-setup, but in theory it should work.

  5. I can see this page is quite old...
    Is this service still available somewhere?

    > ssh pcampalani@login.iu-bremen.de
    ssh: connect to host login.iu-bremen.de port 22: Connection refused

    1. Please use login.jacobs-university.de as hostname.