Skip to content

Authentication & First Login

The cluster uses FreeIPA, which integrates two complementary systems:

  • LDAP stores your account information: username, group membership, and home directory path.
  • Kerberos handles the underlying authentication protocol. As a regular user you do not need to interact with Kerberos directly — it works transparently when you log in via SSH.

Connecting for the First Time

ssh your_username@galileo.mi.infn.it

Enter your temporary FreeIPA password when prompted, follow the instructions to reset it and that is all that is required. Your session is authenticated automatically.

SSH keys allow you to authenticate without typing your password each time. This is especially convenient if you connect to the cluster frequently or use automated workflows. 

# Run this on your local workstation, not the cluster
ssh-keygen -t ed25519 -C "your_username@example.it"

# Copy your public key to the cluster
# You will be prompted for your FreeIPA password one final time
ssh-copy-id -i ~/.ssh/id_ed25519.pub your_username@galileo.mi.infn.it

# All subsequent connections will be passwordless
ssh your_username@galileo.mi.infn.it

💡 Having trouble connecting?

If your password is not accepted or your account appears inactive, contact the HPC support team at admins@lcm.mi.infn.it. Account provisioning and password resets are handled by the administrators of LCM.