Don't See What You're Looking For?

Help Us Improve

Browse by Collection

Skip to end of metadata
Go to start of metadata

Recommended Articles


GL is the name of our general access Unix systems here at UMBC, managed by DoIT. Anyone with a UMBC account can access GL.

Accessing the GL Servers

To connect to GL you’ll need an SSH client. For Windows, we recommend using PuTTY; the Bitvise SSH client is an alternative option. For Mac and Linux, we recommend the ssh command in the Terminal. Below is the connection info for GL:

Host:gl.umbc.edu
Port:22 (This is the default for SSH)
Protocol (Connection Type):SSH

You authenticate to the GL systems using your myUMBC username (all lowercase!) and password. 

Windows

Connect using your SSH client. They usually have a connection dialog where you can specify the host, port, and protocol information listed above. 

Mac/Linux

Run ssh yourusername1@gl.umbc.edu in the Terminal.

Other information

Quotas

All UMBC accounts have a quota of 500MB. If you exceed your quota, you will have issues running programs, etc. You can check your quota by running “fs lq” in your home directory.

Host Authenticity

When you first connect to an unknown server over SSH, your client will typically present the server's host key fingerprint so that you can verify its authenticity. These are the current host key fingerprints (as of 8/23/2018) for the GL servers:

ECDSA

SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw
MD5:31:30:e8:74:ae:0f:6e:7a:4d:db:74:f9:84:c9:45:f1

ED25519

SHA256:9Run2uzIk1A0iG0w9I/Quc5/YNAA0KPGgkXTZYaiulc
MD5:19:12:7b:ae:90:ba:e8:9c:74:89:09:85:96:22:1e:2d

RSA

SHA256:OsvGzoPEGqIaxlNCqUUXi38B1WavHkT1ASDSOX0TBs4
MD5:c4:aa:5f:35:d6:ba:3e:97:60:4d:79:80:ab:2c:63:44

Common Questions

Can I add an SSH key to my GL account?

No, sorry, you can't. Due to the way the system is set up, SSH keys don't work. We understand that might be frustrating to some of our security-minded students, so here's why:

We store user home directories in a network filesystem called AFS. AFS is built to use a system called Kerberos for authentication.

As part of the default login process, SSH asks you for your password. The GL server then attempts to authenticate you with Kerberos using that password and receives a Kerberos ticket granting ticket (TGT). It then uses that TGT to request an AFS ticket, which it then uses to request an AFS token, which allows access to your home directory.

Without your password being temporarily present, the GL server can't get you your Kerberos TGT, which means you can't get access to your home directory

As a result, we have SSH keys disabled for non-root users. If we left it enabled, it would work, and then you'd get a permission denied error for your own home directory, which wouldn't be very useful for you (smile)

Browse all articles

Feedback: Correct or Suggest an Article | Request Help

  • No labels