You are here

Logging In


Login Nodes:

Minerva currently has several Login Nodes. Some Login Nodes are connected to the campus network at 10Gb/s, allowing access to only the school. Other Login Nodes are connected to the public internet, allowing access from outside the school.
Both types of Login Nodes require two-factor authentication. There are several two-factor login choices available for use, depending on your account type. At least one type of two-factor authentication is required.

  • Campus Login node:
    There are currently two (2) campus Login Nodes. They may connect to either of them through a round-robin DNS redirect, or you may specify one of them manually if you prefer one or the other.
    The names are: -- Round Robin Redirect
  • Public Login node:
    There is currently one (1) public Login Node. It can be accessed via a round-robin DNS redirect (which in the future will be used for multiple nodes), or you may specify the node manually.
    The names are: -- Round Robin Redirect (future)
    Important: Too many failed login attempts to this node will block your IP for 24 hours
  • The name is mentioned for both the campus and public Login Nodes. Using this name will direct you to the nearest node. If you are on-campus, you will go on campus, off-campus will send you to the public Login Nodes.
    It may be wise to use the name for your connections, as it will continue to work in the future if Login Nodes are changed.

Authentication Types:
Minerva supports several authentication types. This is to accommodate multiple account types including external collaborators, students, Sinai employees, admins, etc. Each node may support multiple types of authentications. To login using a specific authentication type, you must append a suffix to your username during login. See the table below:

Abbreviation Components Example Username Example Password Used By
vkrb Sinai Password + 6 Digit Symantec VIP token code user1+vkrb passw0rd654321 Sinai Students, Staff, and Faculty
vldap Minerva Password + 6 Digit Symantec VIP token code user1+vldap passw0rd654321 External Groups, Visiting Faculty, Students
ykrb Sinai Password + YubiKey Button Push user1+ykrb passw0rdYUBIKEY.... Sinai Students, Staff, and Faculty
yldap Minerva Password + YubiKey Button Push user1+yldap passw0rdYUBIKEY.... External Groups, Visiting Faculty, Students

The default authentication is vkrb, which is what Mt Sinai School students will use. This covers 90% of the users.

The example username above format will replace your generic username on your SSH client.
For example, notice the differences between the following two lines:
Notice on the second line, the user appended "+yldap" to their username directly on the SSH command line.
Similarly, with the password, there should be no spaces, punctuation, enter-keys, etc between the two password components.

Which Authentication Type Should I Use?
When your account was created, you were told what type of authentication your account works with. Depending on your situation with the Mount Sinai campus directory, you may require one method or another. If you are unsure which method your account works with, please contact
The default authentication is vkrb, which is what Mount Sinai School students will use. This covers 90% of the users.

Two Factor Authentication:
Symantec VIP:
Symantec VIP produces a 6 digit code using either a hardware token or software token provided by Mount Sinai. To generate the code, you need to either launch the application on your phone or PC, or press the button on your hardware token.

First you need a token.
Hardware Token:
You can obtain a Hardware Token from the IT Helpdesk. We don't have Hardware Token available now.

Software Token:
On an Android and/or iPhone, the application is called "VIP Access" and is published by Symantec.
Blackberry, Windows Mobile, etc are also supported. View the Symantec Mobile ID Protection Center for more information for specific platforms.

Register the token with Mt Sinai.
Find the "Credential ID", a long ID code starting with 3-5 letters followed by a series of numbers. On the phone-based soft tokens, this is displayed directly on the screen. On the hard tokens, it is located on the back as the Serial Number (S/N).
To register the token with Sinai, go to the Self Service Portal. Login with your Sinai username and password and follow the instructions to register the token.
Once registered, the token should instantly work.

Login with your token.
Connect to via SSH. Enter your Mount Sinai password followed by the 6 digits on the token. Do not put a space or press enter between your password and the code.

A Yubikey produces a code consisting of many-characters (about 26) using USB device which emulates a keyboard. Essentially, it is a 1-button USB Keyboard. To generate the code, plug the device into your USB port and press the only button on the Yubikey at the appropriate time. The output will be typed into the window/console as if it were typed by a keyboard followed by the "enter key".

If you obtain your Yubikey from the HPC Staff, it will likely already be registered with your account.
If it is not already registered, or if you are using a different Yubikey, you will need to follow a simple registration process.

Connect to / from:
Connections to / from different nodes in the cluster are restricted depending on your location. Please see the following chart to check where you may connect to / from:

From:     To --> Private Login Node Public Login Node Cluster Node Campus Public
Campus Login Node - Yes Yes Yes Yes
Public Login Node No - Yes No Yes
Cluster Node Yes No - No No
Campus Yes Yes No - -
Public No Yes No - -

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer