Blog

From: Robert Parrott
Date: October 7, 2010 4:23:26 PM EDT
To: downtime@seas.harvard.edu
Subject: Access changes to login.seas.harvard.edu: Wednesday, 10/13/2010 at 10 AM

To all members of the SEAS community:

The SEAS login server (login.seas.harvard.edu) was recently rebuilt 
as the result of a compromised account.   In order to reduce our exposure 
to this sort of problem we will be making changes to better secure the 
SEAS login shell environment.

Please note that these changes are expected to be temporary until we 
can put into place authentication services that provide a higher level
of identity assurance on login systems.

===========================================================================
WHAT: Changes to SSH authentication
WHEN: Wednesday, Oct. 13 2010, 10:00 AM

We will be making the following changes to authentication policies for
login.seas.harvard.edu services.  Access to this server from on or off 
campus will now require using (1) the FAS VPN  or (2) SSH keys.

- (1) Members of the community wishing to authenticate to 
login.seas.harvard.edu with a password must connect through the 
FAS VPN.  Instructions for using the FAS VPN are available from FAS at:

 http://www.fas-it.fas.harvard.edu/node/79

The FAS VPN supports Windows, OS X, and Linux.  It requires
your HUID and PIN for authentication (or your FAS account and
password).

- (2) Members of the community authenticating using SSH keys will continue
to be able to access login.seas.harvard.edu from arbitrary locations.  If you
wish to learn more about using SSH key-based authentication, please
read our online documentation:

 http://ircs.seas.harvard.edu/display/USERDOCS/SSH+Access+to+SEAS+Hosts

If you have questions or concerns about these changes, please contact SEAS 
Instructional and Research Computing Services (IRCS) at 
ircshelp@seas.harvard.edu.

Thank you,

The IRCS Team

--
Robert E. Parrott, Ph.D. (Phys. '06)
Director, Instructional and Research Computing Services