Step 1: Get a New account
ssh to hcoop.net as usual.
Run this command line: migrationpw
- Follow the on-screen directions.
- Wait for an e-mail from the user creation script. (This stage requires that a human run the script periodically to watch for failures, but one of us should run it several times a day.)
The password you set will go into our new Kerberos database, allowing log-in to mire and any other of our servers that we choose to enable for non-admin shell access. You will also use this password for authentication to other services, like e-mail and members-only HCoop web sites.
An e-mail will be sent to your HCoop account to let you know that your account has been created. Be sure to memorize your password, as it won't be saved anywhere unencrypted once the account creation script runs!
Step 2: Try logging in
Now you may attempt to login to mire.hcoop.net using your favorite SSH client or the new AJAX SSH service at http://ssh.hcoop.net/. The latter requires a modern browser that cooperates with AJAX.
SSH Public Key is Obsoleted
You can no longer use SSH public key authentication. Kerberos authentication ("ssh -K") is supported, for passwordless log-in. Some day, someone might implement the Kerberos support needed to make SSH public key auth work again. See MemberManual/DistributedSecurity for more information on all of this.
That being said, if you've always been typing a password to log in via SSH and don't care to do otherwise, then you don't need to bother reading this section!
DenyHosts
If you fail to log in correctly quite a few times, the DenyHosts scripts might lock you out. Currently any blocked IP's are purged after a week, so if you don't want to wait you'll need to submit a ticket, or if you can't access the portal to do this you'll need to send an email to <admins AT hcoop DOT net>.
Step 3: Visit the new portal
The new portal uses the same password you use to log in to mire. That is, if you haven't created a New account yet, then you can't access the new portal.
You should use the new portal for all administrative requests, except for the specialized request types (e.g., domains, firewall rules, etc.) when they relate to fyodor.
Step 4: Have your mail dual-delivered
We recommend that you tell fyodor to dual-deliver all of your mail so that one copy goes to deleuze (our new main server) and one copy goes to fyodor. That way you can start reading your email via deleuze, but if anything goes wrong you can just switch back to fyodor.
To do this, put the following lines in your ~/.forward file on fyodor. Note that the comment on the first line is mandatory -- it tells exim that this forward file uses special exim features. If your username was fred, you would put this in your ~/.forward:
# Exim filter deliver fred deliver fred@deleuze.hcoop.net
and you mail will be dual-delivered.
Step 5: Copy your existing email
You can also copy the contents of your mailboxes from fyodor to mire (actually to our shared AFS filesystem by way of mire). To do this, log in to fyodor and type the following.
rsync -are ssh --no-g --progress --verbose ~/Maildir/ mire.hcoop.net:Maildir/
Then log into mire and remove the ~/Maildir/shared-folders directory, if it exists. Also, change the contents of ~/Maildir/shared-maildirs on mire to:
SpamAssassin /var/local/lib/spamd/Maildir