Setting Up and Resetting Your Password

You may use this process to set or reset your password at any time if you are a member of a NeSI project team with a currently active allocation.

• Setting your password for the first time
• Resetting your password

Setting Your Password for the First Time

1. Log into the My NeSI portal via your browser. Choose 'Set Password' if it's a new account, 'Reset Password' if it's an existing account.
   
   

   Note: You must wait at least one hour between password reset requests. Account is not ready?

2. NeSI will send you an e-mail with a temporary URL. If you do not receive this email within a few minutes, check your spam filter.

   WARNING: Do not close the web page displaying your temporary password until you have completed the password reset process. The temporary password link may only be opened once. If you accidentally close the page (or your browser or computer crashes), you will need to wait an hour before requesting a new password reset.

3. Click on the link in the e-mail. This link will take you to a web page containing your unique temporary password.

4. Logging in and resetting your password is a six-step process, detailed below. Once you have changed your password, your connection will eventually be terminated with Permission denied (keyboard-interactive). or Access denied (keyboard-interactive).. This is normal until you set up your second factor. Please ensure you read all six steps before proceeding as the output messages are easily misleading.

   Note: there is a 2 minute idle timeout set in the console.

   1. Connect to the lander node:
      • If you are using a Mac or Linux computer, connect to the lander node using the command:ssh -Y <myusername>@lander02.nesi.org.nz, where <myusername> should be replaced with your Linux username, which you can find by logging in to the My NeSI site (not to be confused with your institutional login name).
      • If you are using a Windows computer, start a new session on MobaXterm and set the Remote Host to lander02.nesi.org.nz and your username as your Linux username.

      Note: When you first attempt to SSH into the lander node you may be met with a message warning you that the authenticity of the host cannot be established and asking if you wish to continue. You must type yes and press the Enter key. Typing y as a shorthand for “yes” is not sufficient.

   2. When you first issue the ssh command to log in, you will be asked to enter a password. Enter your temporary password.
   3. Once you have correctly entered your temporary password, you will be told that your temporary password has expired and you will be asked to change it. First, the system will present a Current Password: prompt. Enter your temporary password again.
   4. Then, the system will ask you for your NEW password (New password:). Our system will only accept a password if it complies with our password policy.
   5. You will be asked to confirm your NEW password (Retype new password:).
   6. Once you have changed your password, either your session will be closed or you will be asked to enter a password again. Do not try to actually enter your new password or your temporary password, as neither will work. If you try to do this, your computer, and possibly your entire organisation, will be detected as suspicious and locked out of NeSI until you can contact NeSI staff who must then reset our security system. Instead, press Ctrl-C, or press Enter repeatedly until you get the Access denied (keyboard-interactive). (or Permission denied (keyboard-interactive).) message.

   Example of the process:

   [user@host ~]# ssh -Y <username>@lander02.nesi.org.nz
   New Zealand eScience Infrastructure (NeSI) HPC Lander node.
   
   By using this computer system, you accept and agree to the NeSI Acceptable Use Policy.
   To ensure compliance with legal requirements and to maintain cyber security standards, NeSI HPC systems are subject to ongoing monitoring, activity logging and auditing.
   This monitoring and auditing service may be provided by third parties.
   Such third parties can access information transmitted to, processed by and stored on NeSI's HPC systems.
   
   Documentation:
   Support:
   
   Password: <temporary password>
   Password expired. Change your password now.
   Current Password: <temporary password>
   New password: <NEW password>
   Retype new password: <NEW password>
   Password: <Enter or Ctrl+C>
   Password: <Enter or Ctrl+C>
   Access/Permission denied (keyboard-interactive).
   [user@host ~]$
   

   If you have to enter more than four passwords, something has probably gone wrong. You may have entered the wrong temporary password at one of the first two prompts, your new password may not satisfy our password criteria, or you may have mis-typed your new password when confirming it. Alternatively, you may have accidentally pressed Enter or Ctrl-C at the wrong time. If any of these situations has happened, you should exit the session and simply start over but you will need to wait an hour.
   
   For users behind the NIWA VPN once you have set your password you will be able to log directly into the platforms without setting up a second factor, however you will not be able to log in to the lander nodes (this is normal and expected). You can also reset your password directly on the platforms, rather than through the lander nodes, in which case you should automatically be logged in upon successfully setting your password, rather than being disconnected as shown above on the lander nodes.

You are now ready to move on to setting up your two-factor authentication.

Resetting Your Password

The first three steps of this process are identical to setting your password for the first time, except that the button to start the process is white and labelled "Reset Password" instead of blue and labelled "Set Password". Once you get to step 4, the prompts will look slightly different, as you will be prompted for your first factor instead of a password. Whenever you are prompted for First Factor, enter the temporary password, i.e. the password in the web link that was sent to you by email. When prompted for Second Factor, enter your second-factor token from your smartphone or equivalent.

There is a two-minute idle timeout at the login prompt, so we suggest you choose a new password that complies with the NeSI password policy before you begin step 4 by logging in to the lander node.

NOTE: When you get the message, "Password expired. Change your password now.", you will be prompted for both your first and second factors a second time. You must wait for the second factor token to reset (up to 30 seconds) before entering the new token.

You do not need to enter a second factor when prompted for "New password" or "Retype new password".

Example of the process:

[user@host ~]# ssh -Y <username>@lander02.nesi.org.nz
First Factor: <temporary password>
Second Factor (optional): <second factor>
Password expired. Change your password now.
First Factor (Current Password): <temporary password>
Second Factor (optional): <second factor>
New password: <NEW password>
Retype new password: <NEW password>

If you still have trouble, you may need to delete your second factor token from your My NeSI account. You can do that by following these instructions: How to replace my 2FA token. Once you have deleted your second factor token, you will need to follow the full instructions at Setting Your Password for the First Time (except that the button may be white and labelled "Reset Password", instead of blue and labelled "Set Password") and then set up a new two-factor authentication token.