Connecting to DIaL2.5


Once you have requested access to DIaL2.5, you can access the login nodes using an SSH client and the generic (round-robin) address:


if necessary, you can also SSH directly to a specific login node, using the following hostnames

  • or

For example:

$ ssh

Multifactor Authentication (MFA)

All users are required to use Two factor authentication when accessing DIaL. We support:

  • Time-based One-Time Passwords (TOTP). This is the prefered form of second factor for DIaL.
  • Email OTP as an alternative for people that do not have a smartphone or cannot install a TOTP App.

You can setup both types of OTP (email-OTP and TOTP) if that is more convenient for you, and they can be used interchangeably at the point you login.

To setup your OTP tokens visit ( Log in using your normal DIaL username and password.

MFA image

You will then be prompted to enter a One Time Password (OTP).

If this is the first time you have logged onto the portal a six-digit One-Time-Password will be sent to the email address that you registered with SAFE. Enter the OTP code in order to complete the login process.

Using TOTP

With QR code


Before beginning make sure that you have a TOTP App installed on your PC or smartphone (for instance Authy, Google Authenticator, Microsoft Authenticator, LastPass)

Select the "Enroll OATH Soft token" tab.

MFA image

Now select "enroll your time base token". Take a screenshot of the QR code using your favourite OTP App.


The QR code will only be displayed once

It contains the shared secret that will be used to generate TOTP codes the QR code and secret must not be shared with anyone else.

From now on you will be able to access DIaL2.5 your regular DiRAC username and password along with the TOTP from your App.

$ Password:
$ Your OTP:

Without QR code reader

The QR code contains the shared secret that is used to generate TOTPs. The secret is a 52-letter code, scanning a QR code is normally the quickest and least error prone way of importing the secret into a TOTP App.

However, you may not have access to a QR code reader, for example, because

  • You do not have a smartphone
  • You do not have a working camera
  • You cannot install a TOTP App on your phone (e.g. workphone)
  • You would prefer to use a Desktop OTP App (which may have no way to read QR codes).

Fortunately, it is usually possible to import a secret into a TOTP App manually.

Firstly, you should create a soft token as describe in previous section. Right-click on the QR code and copy the URL. Past the URL into a text editor. You will see the 52-letter secret in the URL


Manually create a new account in your TOTP App and enter the secret when prompt. The exact instructions differs depending on the application.


If you are using a Desktop TOTP App, rather than a smartphone App you must password protect the App.

Using Email OTP

It is also possible to have OTPs sent to you via Email. Select the "Set PIN"tab

MFA image

Click on the email token in the left-hand panel (it will begin LSEM). Enter a 4 digit PIN. Finally click on "set PIN".

From now on you will be able to access DIaL2.5 your regular DiRAC username and password along with the PIN and the email OTP:

$ Password: <enter password>
$ Your OTP: <enter PIN>
$ e-mail sent successfully<enter OTP>

SSH Multiplexing

If you frequently open multiple, simultaneous SSH sessions to DIaL, you may find it convenient to set up multiplexing.

OpenSSH (Linux)

Create (or edit) the file ~/.ssh/config, and add

    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p.socket

    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p.socket

    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p.socket


Putty Configuration > Connection > SSH > 'Share SSH connections if possible'