Kerberos: An authentication mechanism

SSH access to our system, as well as authentication to anything else at HCoop, is managed by Kerberos. You get a Kerberos ticket automatically whenever you log in. Tickets expire in 10 hours, and can also keep automatically renewing to last you a week. Seven days after creation, your Kerberos tickets will expire and can no longer be renewed; you'll have to create them anew manually by providing your password. To see your Kerberos tickets, run klist -5, and to initialize or renew them, run:

kinit

and type your password.

Kerberos and AFS work together. So if your Kerberos ticket expires, so will your "token" for access to AFS. Such an expiration isn't abnormal; you should expect it to happen to SSH sessions less than a day after log-in (after 10 hours, to be specific). That's worth saying again in bold: It's expected that long-running ssh sessions will stop working unless you take special action.

To get AFS access back after renewing your Kerberos ticket with kinit, be sure to type

aklog
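
The renew-then-aklog sequence above, written as a shell function for use inside a long-running session. This is an added example, not part of HCoop's own tooling: the function name refresh_afs_access and its return codes are assumptions, and it assumes Kerberos client tools where kinit -R renews without a password and klist -s is a silent validity check.

```shell
# Added example (hypothetical helper, not HCoop-provided).
# Refresh the Kerberos ticket without a password if possible, then
# fetch a new AFS token. Prints "renewed" or "valid" on success.
# Return codes: 0 = AFS token refreshed
#               1 = ticket is fine but aklog failed
#               2 = ticket expired or past its renewable lifetime;
#                   an interactive kinit with the password is required
refresh_afs_access() {
    # kinit -R extends the existing ticket. It only succeeds while the
    # ticket has not yet expired and is still inside its renewable
    # lifetime (a week on this system, per the text above).
    if kinit -R >/dev/null 2>&1; then
        _state=renewed
    elif klist -s >/dev/null 2>&1; then
        # Renewal was refused, but the current ticket has not expired
        # yet, so it can still be used to obtain an AFS token.
        _state=valid
    else
        echo "Kerberos ticket expired or no longer renewable:" \
             "run kinit, type your password, then run aklog." >&2
        return 2
    fi

    # A renewed ticket does not refresh the AFS token by itself;
    # aklog converts the current ticket into a token.
    if ! aklog; then
        echo "aklog failed: Kerberos ticket is usable," \
             "but no AFS token was obtained." >&2
        return 1
    fi

    printf '%s\n' "$_state"
}
```

Call refresh_afs_access from an interactive shell before the 10-hour expiry; a return code of 2 means only a password-based kinit will help.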

At this point, please read the Distributed Security page to understand the consequences that using AFS and Kerberos may have on your HCoop experience. We feel the gains in security to be worth the slight learning curve.

More information on automatic token renewal can be found in MemberManual/RunningUnattendedCommands. You mostly just need to run the k5start program with the proper arguments. This section of this page could probably stand to be improved, as its topic is a common source of confusion.

Also note that ssh public key authentication won't work as you might expect on our servers. You can log in just fine, but you won't have any AFS tokens. You can still grab them manually with kinit and aklog, but this won't work so well with non-interactive users of ssh like scp. You can do passwordless login with the -K flag to ssh, which enables Kerberos authentication. See MemberManual/ShellAccess for more information.