BwUniCluster2.0/Login: Difference between revisions

From bwHPC Wiki
Jump to navigation Jump to search
m (P Schuhmacher moved page BwUniCluster 2.0 Login to BwUniCluster2.0/Login: Restructuring bwUniCluster pages into subpages)
(5 intermediate revisions by 3 users not shown)
Line 8: Line 8:
|}
|}


The login nodes of the bwHPC clusters are the access point to the compute system, your <code>$HOME</code> directory and your workspaces.
After finishing the web registration and making sure that you are on a network from which you have access to bwUniCluster 2.0 (e.g. by establishing a VPN connection), the HPC cluster is ready for your '''SSH''' based login. Recommended SSH clients applications are:
All users must log in through these nodes to submit jobs to the cluster.


'''Prerequisites for successful login:'''
* the ssh (OpenSSH) command included in all Linux distributions and macOS, -in command under Linux and macOS using the application ''terminal''

* [http://mobaxterm.mobatek.net/ MobaXterm] under Windows
You need to have
* completed the 3-step [[registration]] procedure.
* [[Registration/Password|set a service password]] for bwUniCluster 2.0.
* [[Registration/2FA|set up a second factor]] for the time-based one-time password (TOTP).


= Login to the bwUniCluster =

Login to the bwUniCluster 2.0 is only possible with a Secure Shell (SSH) client for which you must know your username on the cluster and the hostname of the login nodes.
For more general information on SSH clients, visit the [[Registration/Login/Client|SSH clients Guide]].

== Username ==

If you want to use the bwUniCluster 2.0 you need to add a prefix to your local username.
Users from the KIT, don't need a prefix on the bwUniCluster.
For prefixes please refer to the [[Registration/Login/Username|'''Username Wiki''']].

Examples:<br/>
* If your local username for the University is <code>vwxyz1234</code> and you are a user from the University of Freiburg this would combine to: <code>fr_vwxyz1234</code>.
* If your KIT username is <code>pxd27239</code>, you can use the same username for the bwUniCluster.


== Hostnames ==
== Hostnames ==


The system has three login nodes.
The main hostname required to connect to bwUniCluster 2.0 is '''bwunicluster.scc.kit.edu''' or '''uc2.scc.kit.edu'''. The system has four login nodes and we use so-called ''DNS round-robin scheduling'' to load-balance the incoming connections between the nodes. If you open multiple SSH sessions to bwUniCluster 2.0, these sessions will be established to different login nodes, so processes started in one session might not be visible in other sessions.
The selection of the login node is done automatically.
If you are logging in multiple times, different sessions might run on different login nodes.


Login to bwUniClister 2.0:
The older Broadwell extension partition of the former bwUniCluster 1 is connected to bwUniCluster 2.0.


{| class="wikitable"
! Hostname !! Node type
|-
| '''bwunicluster.scc.kit.edu''' || login to one of the three login nodes
|-
| '''uc2.scc.kit.edu''' || login to one of the three login nodes
|-
|}

In general, you should use automatic selection to allow us to balance the load over the three login nodes.
If you need to connect to specific login nodes, you can use the following hostnames:
If you need to connect to specific login nodes, you can use the following hostnames:


Line 24: Line 57:
! Hostname !! Node type
! Hostname !! Node type
|-
|-
| '''uc2-login1.scc.kit.edu''' || bwUniCluster 2.0, first login node
| '''uc2-login2.scc.kit.edu''' || bwUniCluster 2.0 first login node
|-
|-
| '''uc2-login2.scc.kit.edu''' || bwUniCluster 2.0, second login node
| '''uc2-login3.scc.kit.edu''' || bwUniCluster 2.0 second login node
|-
|-
| '''uc2-login3.scc.kit.edu''' || bwUniCluster 2.0, third login node
| '''uc2-login4.scc.kit.edu''' || bwUniCluster 2.0 third login node
|-
| '''uc2-login4.scc.kit.edu''' || bwUniCluster 2.0, fourth login node
|-
|-
|}
|}


== Host Keys ==
Only the secure shell ''SSH'' is allowed to login. Other protocols like ''telnet'' or ''rlogin'' are not allowed for security reasons.


When you log in, you may receive the message <code>The authenticity of host '<host address>' can't be established.</code> along with the host key fingerprint. This is intended so you can verify the authenticity of the host you are connecting to. Before you continue you should verify, if this fingerprint matches one of the following:
== Usernames ==

Your username will be the same as the one provided by your home institution, but '''prefixed''' with two characters and an underscore indicating your home institution. For example: If you are a member of the university of Konstanz and your local username is ab1234, your username on bwUniCluster 2.0 is kn_ab1234.

The following list contains all prefixes currently in use:


{| class="wikitable"
{| class="wikitable"
! Algorithm !! Fingerprint (SHA256)
! Home organization !! <UserID>
|-
|-
| '''RSA''' || SHA256:p6Ion2YKZr5cnzf6L6DS1xGnIwnC1BhLbOEmDdp7FA0
| Universität Freiburg || ''fr_''username
|-
|-
| '''ECDSA''' || SHA256:k8l1JnfLf1y1Qi55IQmo11+/NZx06Rbze7akT5R7tE8
| Universität Heidelberg || ''hd_''username
|-
|-
| '''ED25519''' || SHA256:yEe5nJ5hZZ1YbgieWr+phqRZKYbrV7zRe8OR3X03cn0
| Universität Hohenheim || ''ho_''username
|-
| KIT || username ''(without any prefix)''
|-
| Universität Konstanz || ''kn_''username
|-
| Universität Mannheim || ''ma_''username
|-
| Universität Stuttgart || ''st_''username
|-
| Universität Tübingen || ''tu_''username
|-
| Universität Ulm || ''ul_''username
|-
| Hochschule Aalen || ''aa_''username
|-
| Hochschule Albstadt-Sigmaringen || ''as_''username
|-
| Hochschule Esslingen || ''es_''username
|-
| Hochschule Heilbronn || ''hn_''username
|-
| Hochschule Karlsruhe || ''hk_''username
|-
| HTWG Konstanz || ''ht_''username
|-
| Hochschule Mannheim || ''mn_''username
|-
| Hochschule Offenburg || ''of_''username
|-
| Hochschule Reutlingen || ''hr_''username
|-
| Hochschule Rottenburg || ''ro_''username
|-
| Hochschule für Technik Stuttgart || ''hs_''username
|-
| Hochschule Ulm || ''hu_''username
|-
|-
|}
|}


== Login with SSH command (Linux, Mac, Windows) ==
== Client application: OpenSSH ==


Most Unix and Unix-like operating systems like Linux, macOS and *BSD come with a built-in SSH client provided by the OpenSSH project. More recent versions of Windows 10 and the Windows Subsystem for Linux also come with a built-in OpenSSH client.
Most Unix and Unix-like operating systems like Linux, Mac OS and *BSD come with a built-in SSH client provided by the OpenSSH project.
More recent versions of Windows 10 and Windows 11 using the [https://docs.microsoft.com/en-us/windows/wsl/install Windows Subsystem for Linux] (WSL) also come with a built-in OpenSSH client.


For login use one of the following ssh commands:
To use this client, simply open a command line terminal (the exact process differs on every operating system, but usually involves starting an application called '''Terminal''' or '''Command Prompt''') and enter the following command to connect to bwUniCluster 2.0:


ssh <username>@bwunicluster.scc.kit.edu
<pre>
$ ssh <UserID>@bwunicluster.scc.kit.edu
ssh -l <username> uc2.scc.kit.edu
</pre>


To run graphical applications, you can use the <code>-X</code> or <code>-Y</code> flag to <code>ssh</code>:
If you are on a Linux or Unix system running the X Window System (X11) and want to use a GUI-based application on bwUniCluster 2.0, you can use the ''-X'' option for the ssh command to set up X11 forwarding:


ssh -Y -l <username> bwunicluster.scc.kit.edu
<pre>
$ ssh -X <UserID>@uc2.scc.kit.edu
</pre>


For better performance, we recommend using [[VNC]].
Windows users requiring X11 forwarding for graphical applications should use '''MobaXterm''' instead.


== Login with graphical SSH client (Windows) ==
== Client application: MobaXterm ==


For Windows we suggest using MobaXterm for login and file transfer.
The bwHPC-C5 support team strongly recommends to use [http://mobaxterm.mobatek.net/ MobaXterm] instead of ''PuTTY'' or ''WinSCP'' on Windows. ''MobaXterm'' provides a built-in X11 server allowing to start GUI based software.
Start ''MobaXterm'', fill in the following fields:
Start ''MobaXterm'', fill in the following fields:
<pre>
<pre>
Remote name : uc2.scc.kit.edu
Remote name : bwunicluster.scc.kit.edu # or uc2.scc.kit.edu
Specify user name : <UserID>
Specify user name : <username>
Port : 22
Port : 22
</pre>
</pre>
Line 120: Line 109:
After that click on 'ok'. Then a terminal will be opened and there you can enter your credentials.
After that click on 'ok'. Then a terminal will be opened and there you can enter your credentials.


'''Note:''' When using File transfer with MobaXterm version 23.6 the following configuration change has to be made:
== Client application: FileZilla ==
In the settings in the tab "SSH", change the option "SSH engine" from "<new>" to "<legacy>". Then restart MobaXterm


== Login with Jupyterhub ==
Many GUI applications that support SFTP transfers on Linux don't work well with 2-factor authentification, e.g. Nautilus and Dolphin don't support it. A good alternative for Linux is FileZilla.


Login takes place at:
Start FileZilla, Select "File -> Site Manager..." from the main menu and set up a new connection with the following settings:
* bwUniCluster 2.0: [https://uc2-jupyter.scc.kit.edu uc2-jupyter.scc.kit.edu]
* SDIL: [https://sdil-jupyter.scc.kit.edu sdil-jupyter.scc.kit.edu]


More Information can be found [[BwUniCluster2.0/Jupyter#Login_process|here]].
<pre>
Protocol: SFTP - SSH File Transfer Protocol
Host: uc2.scc.kit.edu
Logon Typ: Interactive
User: <UserID>
</pre>


== Login Example ==
Then click on the "Connect" button.


To log in to bwUniCluster 2.0, you must provide your [[Registration/Password|service password]].
Files can be transferred between the local system and the cluster by navigating to the respective folders in the split file view and then either dragging files and folders between the views or by clicking on a file/folder with the right mouse button and then selecting "Upload" or "Download" from the menu.
Proceed as follows:
# Use SSH for a login node.
# The system will ask for a one-time password <code>Your OTP:</code>. Please enter your OTP and confirm it with Enter/Return. If you do not have a second factor yet, please create one (see [[Registration/2FA]]).
# The system will ask you for your service password <code>Password:</code>. Please enter it and confirm it with Enter/Return. If you do not have a service password yet or have forgotten it, please create one (see [[Registration/Password]]).
# You will be greeted by the cluster, followed by a shell.


<pre>
Note: If no data is sent or received FileZilla will close the connection after 20 seconds by default. This timeout can be changed in the FileZilla settings: Setting -> Timeout.
~ $ ssh -l fr_vwxyz1234 bwunicluster.scc.kit.edu

(fr_vwxyz1234@bwunicluster.scc.kit.edu) Your OTP: 123456
== Example login process ==
(fr_vwxyz1234@bwunicluster.scc.kit.edu) Password:

********************************************************************************
After the connection has been initiated, a successful login process will go through the following three steps:
* _ _ _ _ ____ _ _ ___ *

* | |____ _| | | |_ __ (_)/ ___| |_ _ ___| |_ ___ _ __(__ \ *
1. The system asks for a '''One-Time Password'''. Generate one using the Software or Hardware Token registered on the bwIDM system (see [[Registration/2FA]]) and enter it after the '''Your OTP:''' prompt.
* | '_ \ \ /\ / / | | | '_ \| | | | | | | / __| __/ _ \ '__| / / *

* | |_) \ V V /| |_| | | | | | |___| | |_| \__ \ || __/ | / /_ *
2. The systems asks for your service password. Enter it after the '''Password:''' prompt.
* |_.__/ \_/\_/ \___/|_| |_|_|\____|_|\__,_|___/\__\___|_| (____| *

* *
3. You are greeted by the bwUniCluster 2.0 banner followed by a shell.
* (KITE 2.0, RHEL 8.4, Lustre 2.12.6_ddn72) *

* *
The result should look like this:
* wiki: https://wiki.bwhpc.de/e/bwUniCluster_2.0 *

* *
[[File:BwUniCluster 2.0 access login example.png|center|]]
* ticket system: https://www.bwhpc.de/supportportal *
* email: bwunicluster@bwhpc.de *
* *
* training: https://training.bwhpc.de *
* email: training@bwhpc.de *
* *
********************************************************************************
Last login: Thu Jul 7 18:09:43 2022 from host1.scc.kit.edu
********************************************************************************
[fr_vwxyz1234@uc2n995 ~]$
</pre>


== Troubleshooting ==
== Troubleshooting ==


See [[BwUniCluster_2.0/FAQ#Login_Issues|bwUniCluster FAQ]].
'''Issue: The "Your OTP:" prompt never appears and the connection hangs/times out instead'''


Likely cause: You are most likely not on a network from which access to the bwUniCluster 2.0 system is allowed. Please check if you might have to establish a VPN connection first.


= Allowed Activities on Login Nodes =


{|style="background:#deffee; width:100%;"
'''Issue: The system asks for the One-Time Password multiple times'''
|style="padding:5px; background:#cef2e0; text-align:left"|

[[Image:Attention.svg|center|25px]]
Likely cause: Make sure you are using the correct Software Token to generate the One-Time Password.
|style="padding:5px; background:#cef2e0; text-align:left"|

To guarantee usability for all the users of clusters you must not run your compute jobs on the login nodes.

Compute jobs must be submitted to the queuing system.
'''Issue: The system asks for the service password multiple times'''
Any compute job running on the login nodes will be terminated without any notice.

Any long-running compilation or any long-running pre- or post-processing of batch jobs must also be submitted to the queuing system.
Likely cause: Make sure you are using the service password set on bwIDM and not the password valid for your home institution. Unlike the bwUniCluster 1, the bwUniCluster 2.0 only accepts the service password.
|}


'''Issue: There is an error message by the pam_ses_open.sh skript'''

Likely cause: Your account is in the "LOST_ACCESS" state because the entitlement is no longer valid, the questionaire was not filled out or there was a problem during the communication between your home institution and the central bwIDM system. Please try the following steps:

* Log into [https://bwidm.scc.kit.edu bwIDM], look for the bwUniCluster entry and click on '''Registry info'''. Your "Status:" should be "ACTIVE". If it is not, please wait for ten minutes since logging into the bwIDM causes a refresh and the problem might fix itself. If the status does not change to ACTIVE after a longer amount of time, please contact the support channels.

* If you have not filled out the questionaire, please do so on [https://zas.bwhpc.de/shib/en/bwunicluster_survey.php https://zas.bwhpc.de/shib/en/bwunicluster_survey.php] and then wait for about ten minutes before attempting to log into the HPC system again.


== Allowed activities on login nodes ==

The login nodes of bwUniCluster 2.0 are the access point to the compute system and to your bwUniCluster 2.0 $HOME directory. The login nodes are shared with all the users of bwUniCluster 2.0. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:


The login nodes of the bwHPC clusters are the access point to the compute system, your <code>$HOME</code> directory and your workspaces.
These nodes are shared with all the users therefore, your activities on the login nodes are limited to primarily set up your batch jobs.
Your activities may also be:
* '''short''' compilation of your program code and
* '''short''' compilation of your program code and
* '''short''' pre- and postprocessing of your batch jobs.
* '''short''' pre- and post-processing of your batch jobs.

To guarantee usability for all the users of bwUniCluster 2.0 <span style="color:red;font-size:100%;">'''you must not run your compute jobs on the login nodes'''</span>. Compute jobs must be submitted to the
[[bwUniCluster Batch Jobs|queueing system]]. Any compute job running on the login nodes will be terminated without any notice. Any long-running compilation or any long-running pre- or postprocessing of batch jobs must also be submitted to the [[bwUniCluster Batch Jobs|queueing system]].


We advise users to use [[BwUniCluster_2.0_Batch_Queues#Interactive_Jobs|interactive jobs]] for compute and memory intensive tasks like compiling.


== SSH Keys ==


= Related Information =
In contrast to the bwUniCluster 1 and many other HPC systems it is '''no longer possible to self-manage your SSH Keys by adding them to the ~/.ssh/authorized_keys file'''. Existing files will no longer be evaluated. SSH Keys have to be managed via the central bwIDM system instead. Please refer to the user guide for this functionality:


* If you want to reset your service password, consult the [[Registration/Password|Password Guide]].
[[Registration/SSH|Registering SSH Keys with your Cluster]]
* If you want to register a new token for the two factor authentication (2FA), consult the [[Registration/2FA|2FA Guide]].
* If you want to de-register, consult the [[Registration/Deregistration|De-registration Guide]].
* If you need an SSH key for your workflow, read [[Registration/SSH|Registering SSH Keys with your Cluster]].

Revision as of 13:23, 12 April 2024

Attention.svg

Access to bwUniCluster 2.0 is limited to IP addresses from the BelWü network. All home institutions of our current users are connected to BelWü, so if you are on your campus network (e.g. in your office or on the Campus WiFi) you should be able to connect to bwUniCluster 2.0 without restrictions. If you are outside one of the BelWü networks (e.g. at home), a VPN connection to the home institution or a connection to an SSH jump host at the home institution must be established first.

The login nodes of the bwHPC clusters are the access point to the compute system, your $HOME directory and your workspaces. All users must log in through these nodes to submit jobs to the cluster.

Prerequisites for successful login:

You need to have


Login to the bwUniCluster

Login to the bwUniCluster 2.0 is only possible with a Secure Shell (SSH) client for which you must know your username on the cluster and the hostname of the login nodes. For more general information on SSH clients, visit the SSH clients Guide.

Username

If you want to use the bwUniCluster 2.0 you need to add a prefix to your local username. Users from the KIT, don't need a prefix on the bwUniCluster. For prefixes please refer to the Username Wiki.

Examples:

  • If your local username for the University is vwxyz1234 and you are a user from the University of Freiburg this would combine to: fr_vwxyz1234.
  • If your KIT username is pxd27239, you can use the same username for the bwUniCluster.

Hostnames

The system has three login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run on different login nodes.

Login to bwUniClister 2.0:

Hostname Node type
bwunicluster.scc.kit.edu login to one of the three login nodes
uc2.scc.kit.edu login to one of the three login nodes

In general, you should use automatic selection to allow us to balance the load over the three login nodes. If you need to connect to specific login nodes, you can use the following hostnames:

Hostname Node type
uc2-login2.scc.kit.edu bwUniCluster 2.0 first login node
uc2-login3.scc.kit.edu bwUniCluster 2.0 second login node
uc2-login4.scc.kit.edu bwUniCluster 2.0 third login node

Host Keys

When you log in, you may receive the message The authenticity of host '<host address>' can't be established. along with the host key fingerprint. This is intended so you can verify the authenticity of the host you are connecting to. Before you continue you should verify, if this fingerprint matches one of the following:

Algorithm Fingerprint (SHA256)
RSA SHA256:p6Ion2YKZr5cnzf6L6DS1xGnIwnC1BhLbOEmDdp7FA0
ECDSA SHA256:k8l1JnfLf1y1Qi55IQmo11+/NZx06Rbze7akT5R7tE8
ED25519 SHA256:yEe5nJ5hZZ1YbgieWr+phqRZKYbrV7zRe8OR3X03cn0

Login with SSH command (Linux, Mac, Windows)

Most Unix and Unix-like operating systems like Linux, Mac OS and *BSD come with a built-in SSH client provided by the OpenSSH project. More recent versions of Windows 10 and Windows 11 using the Windows Subsystem for Linux (WSL) also come with a built-in OpenSSH client.

For login use one of the following ssh commands:

ssh <username>@bwunicluster.scc.kit.edu
ssh -l <username> uc2.scc.kit.edu

To run graphical applications, you can use the -X or -Y flag to ssh:

ssh -Y -l <username> bwunicluster.scc.kit.edu

For better performance, we recommend using VNC.

Login with graphical SSH client (Windows)

For Windows we suggest using MobaXterm for login and file transfer.

Start MobaXterm, fill in the following fields:

Remote name              : bwunicluster.scc.kit.edu    # or uc2.scc.kit.edu
Specify user name        : <username>
Port                     : 22

After that click on 'ok'. Then a terminal will be opened and there you can enter your credentials.

Note: When using File transfer with MobaXterm version 23.6 the following configuration change has to be made: In the settings in the tab "SSH", change the option "SSH engine" from "<new>" to "<legacy>". Then restart MobaXterm

Login with Jupyterhub

Login takes place at:

More Information can be found here.

Login Example

To log in to bwUniCluster 2.0, you must provide your service password. Proceed as follows:

  1. Use SSH for a login node.
  2. The system will ask for a one-time password Your OTP:. Please enter your OTP and confirm it with Enter/Return. If you do not have a second factor yet, please create one (see Registration/2FA).
  3. The system will ask you for your service password Password:. Please enter it and confirm it with Enter/Return. If you do not have a service password yet or have forgotten it, please create one (see Registration/Password).
  4. You will be greeted by the cluster, followed by a shell.
~ $ ssh -l fr_vwxyz1234 bwunicluster.scc.kit.edu
(fr_vwxyz1234@bwunicluster.scc.kit.edu) Your OTP: 123456
(fr_vwxyz1234@bwunicluster.scc.kit.edu) Password: 
********************************************************************************
*        _             _   _       _  ____ _           _            ___        *
*       | |____      _| | | |_ __ (_)/ ___| |_   _ ___| |_ ___ _ __(__ \       *
*       | '_ \ \ /\ / / | | | '_ \| | |   | | | | / __| __/ _ \ '__| / /       *
*       | |_) \ V  V /| |_| | | | | | |___| | |_| \__ \ ||  __/ |   / /_       *
*       |_.__/ \_/\_/  \___/|_| |_|_|\____|_|\__,_|___/\__\___|_|  (____|      *
*                                                                              *
*                   (KITE 2.0, RHEL 8.4, Lustre 2.12.6_ddn72)                  *
*                                                                              *
*                      wiki: https://wiki.bwhpc.de/e/bwUniCluster_2.0          *
*                                                                              *
*             ticket system: https://www.bwhpc.de/supportportal                *
*                     email: bwunicluster@bwhpc.de                             *
*                                                                              *
*                  training: https://training.bwhpc.de                         *
*                     email: training@bwhpc.de                                 *
*                                                                              *
********************************************************************************
Last login: Thu Jul  7 18:09:43 2022 from host1.scc.kit.edu
********************************************************************************
[fr_vwxyz1234@uc2n995 ~]$ 

Troubleshooting

See bwUniCluster FAQ.


Allowed Activities on Login Nodes

Attention.svg

To guarantee usability for all the users of clusters you must not run your compute jobs on the login nodes. Compute jobs must be submitted to the queuing system. Any compute job running on the login nodes will be terminated without any notice. Any long-running compilation or any long-running pre- or post-processing of batch jobs must also be submitted to the queuing system.

The login nodes of the bwHPC clusters are the access point to the compute system, your $HOME directory and your workspaces. These nodes are shared with all the users therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • short compilation of your program code and
  • short pre- and post-processing of your batch jobs.

We advise users to use interactive jobs for compute and memory intensive tasks like compiling.


Related Information