The National Institute for Computational Sciences

Access and Login

ACF Login Host NameAuthentication SupportedFile System Access
acf-login.acf.utk.eduNetID + DuoHome,


Users who have a University of Tennessee netID will access resources via SSH and use the Duo app on their mobile device. New users will be given an opportunity to enroll in Duo when they apply for an account. Existing users can follow the below directions. Before enrolling in Duo, please ensure that you have associated your UT netID with your user account by logging into the user portal and click the link to associate your netID with your account.

Duo Setup Directions

New users are given an opportunity to enroll in Duo during the application process. If you skipped this step during the application process or you are an existing user who would like to enroll in Duo, please follow the below steps:

Step 1: Download Duo App
Step 2: Enroll in Duo Please visit the user portal and login. Then click the link to associate your credentials with your username and you will be guided through the enrollment process.

Connecting via Duo

> ssh <netID>
Please login to using your Netid password:
Duo two-factor login for 

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-7890

Passcode or option (1-1): 1

Duo can either send you a 'push' or you can generate a passcode by tapping the key icon in the Duo mobile app. Choosing a 'push' will send a notification to the Duo app installed on your mobile device. Click 'Approve' and you will be logged in.

About SSH

UNIX-based operating systems generally have an SSH client built in and Windows users may obtain free clients online, such as PuTTY.

Any SSH client used to log into resources should:

  • Support the SSH-2 protocol (supported by all modern SSH clients). Several security vulnerabilities exist in the SSH-1 protocol, therefore, access using a version 1 client is not allowed.
  • Support the encryption algorithms that our Secure Shell server version 5.8 supports.
  • Allow keyboard-interactive authentication to access NICS systems. For UNIX-based SSH clients, the following line should be in either the default ssh_config file or your  $HOME/.ssh/config file:
    PreferredAuthentications keyboard-interactive,password
    The line may also contain other authentication methods, so long as keyboard-interactive is included. For recent versions of SecureCRT or PuTTY, the setting can be made through the SSH connection properties menu.

Other Login Issues

Inactive accounts

Accounts that are not used for a period of three consecutive months are disabled. If you believe your account has been disabled for inactivity please submit a request to

RSA Key Fingerprints

Occasionally, you may receive an error message upon logging in to a system such as the following:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the OTP host key has just been changed.

This can be a result of normal system maintenance that changes an RSA public key or could be an actual security incident. If these fingerprints do not match what your SSH/SCP/SFTP client shows you, do not continue authentication; instead, contact

X11 Forwarding

There are graphical tools you might want to use on NICS resources, which require using X11 forwarding. For example, there are a number of graphical debugging, optimization, and visualization tools. For instructions on setting up the X11 forwarding please see Procedures for X11 forwarding.

Changing Default Shell

You may change your default shell, by logging into the NICS User portal. After logging in to the portal, you may change your shell in the 'Login Information' section.