There are two types of user servers: web servers and login servers. Unless you need to view the HTTP logs or debug a CGI problem, you wouldn't normally log in to the web servers. The two login servers, which you will want to be using most of the time, are willow and nightshade. These are identical; see user servers for more details.
Authentication is done via SSH public keys. There is no need (and no possibility) to use a password to log in; your client will present the private part of your SSH key, and the server will grant you access. You should treat your SSH private key like a password; if it's compromised, you need to change it immediately. Your public key is not secret, and you can use the same public key on many systems.
(You might be asked to enter a passphrase when authenticating; this is not your Toolserver password, it's only used to encrypt your private key on your own computer, in case someone steals it. This passphrase is never sent to the Toolserver, and you can change it at any time.)
Using SSH on Windows
There are several SSH clients for Windows. The most popular is PuTTY, which is free and provides a GUI interface; other options include the Cygwin OpenSSH client (free, command-line), and SecureCRT (commercial, GUI).
A tutorial for using PuTTY for SSH login can be found at http://unixwiz.net/techtips/putty-openssh.html
Creating an SSH key
Your SSH client should provide a way to generate an SSH key. If it asks you what format to store the public key in, choose OpenSSH. If that's not an option, use IETF SECSH.
If your SSH client doesn't provide a way to generate a key, you can use puttygen, the PuTTY key generation utility:
Logging in with PuTTY
If you are using PuTTY, you need to fill in the "host name" with either willow.toolserver.org or nightshade.toolserver.org, then locate your SSH key (under Connection->SSH->Auth). Don't change any of the other settings, and click "open". Verify the fingerprint against https://fingerprints.toolserver.org. Then log in with your user name and the passphrase for your private key.
Most SSH clients provide a way to save session settings, so you don't have to enter the details every time.
Using SSH on Unix or Linux
Most modern Unix systems include the OpenSSH client. To generate a key, run:
$ ssh-keygen -t rsa
This will store your private key in $HOME/.ssh/id_rsa, and your public key in $HOME/.ssh/id_rsa.pub. You can use different filenames, but these are the default filenames, so it's easiest to not change them.
To log in to the server, run:
$ ssh <username>@<server>.toolserver.org
You may be prompted for the passphrase you used when generating your key. <server> must be one of the login servers.
If your Toolserver username is the same as your local username, you can just use
$ ssh <server>.toolserver.org
If you would rather use a GUI client, a version of PuTTY (above) is also available for Unix.
When you log in, you might be asked to confirm the toolserver's key fingerprint. They are available at https://fingerprints.toolserver.org.
After logging in, you will be presented with:
- The current message-of-the-day
- Whether you have new local mail
- The date, time and location of your last login
- Whether you are already logged in, and where from
- Whether you have any detached screen sessions
- The date your account will expire
- Whether you have exceeded your disk quota
- Any new system news
Occasionally, you might have a reason to log into the web servers, e.g. to examine the web server logs. Because home directories are shared between both systems, you can use the same SSH key to log in; follow the same procedure as above.
mediawiki.demo.wmflabs.org - TTY
login as: example
Authenticating with public key "NAMEOFMYKEY"
Passphrase for key "NAMEOFMYKEY":
This is the Wikimedia Toolserver.
This is the Linux login server. There is also a Solaris login server
Last login: Sun Jan 01 1:50:37 2017 from 1-2-3-4.example.com
Your account will expire on Friday, 3 May 2019.
You are already logged in from the following host(s):
The following screen sessions are active under this account:
Using multiple keys
You may be in a situation where you need to use multiple identities accessing the toolserver, for instance you work in a company forbidding you to bring and use your personal key, but allowing their equipment to be used for beneficial purposes like maintaining tools during break times. Then you have to add an additional public key on the toolserver in order to have it recognized. In order to do so, you need to login with an already existing key at least once. If you cannot do so, you need administrator assistance, otherwise follow the procedure outlined below.
Adding a key from Unix or Linux
If you do not have one already, generate an additional keypair on your local machine:
$ ssh-keygen -t rsa -f 4toolserver
replacing 4toolserver with a name of your choice. Then have the public key in your $HOME/.ssh/4toolserver.pub uploaded and added to your $HOME/.ssh/authorized_keys on the toolserver:
$ ssh-copy-id -i 4toolserver nightshade.toolserver.org
You will be prompted for the passphrase of your old key and your old key will be used to log into the toolserver, add the new key, and log out. When that is done, you should be able to log in with either keypair. (As a safety measure, you may copy your $HOME/.ssh/authorized_keys on the toolserver to a safe place, stay logged in there from another shell during the update, and copy the file back, should you loose your ability to login due to an error)
If you need to use the new key from a different machine or location, you need to move $HOME/.ssh/4toolserver there in a secure way.