BwUniCluster2.0/Login: Difference between revisions
m (→SSH Keys) |
|||
| Line 141: | Line 141: | ||
After the connection has been initiated, a successful login process will go through the following three steps: |
After the connection has been initiated, a successful login process will go through the following three steps: |
||
1. The system asks for a '''One-Time Password'''. Generate one using the Software or Hardware Token registered on the bwIDM system (see [[ |
1. The system asks for a '''One-Time Password'''. Generate one using the Software or Hardware Token registered on the bwIDM system (see [[Registration/2FA]]) and enter it after the '''Your OTP:''' prompt. |
||
2. The systems asks for your service password. Enter it after the '''Password:''' prompt. |
2. The systems asks for your service password. Enter it after the '''Password:''' prompt. |
||
Revision as of 13:21, 31 January 2022
 |
Access to bwUniCluster 2.0 is limited to IP addresses from the BelWü network. All home institutions of our current users are connected to BelWü, so if you are on your campus network (e.g. in your office or on the Campus WiFi) you should be able to connect to bwUniCluster 2.0 without restrictions. If you are outside one of the BelWü networks (e.g. at home), a VPN connection to the home institution or a connection to an SSH jump host at the home institution must be established first. |
After finishing the web registration and making sure that you are on a network from which you have access to bwUniCluster 2.0 (e.g. by establishing a VPN connection), the HPC cluster is ready for your SSH based login. Recommended SSH clients applications are:
- the ssh (OpenSSH) command included in all Linux distributions and macOS, -in command under Linux and macOS using the application terminal
- MobaXterm under Windows
Hostnames
The main hostname required to connect to bwUniCluster 2.0 is bwunicluster.scc.kit.edu or uc2.scc.kit.edu. The system has four login nodes and we use so-called DNS round-robin scheduling to load-balance the incoming connections between the nodes. If you open multiple SSH sessions to bwUniCluster 2.0, these sessions will be established to different login nodes, so processes started in one session might not be visible in other sessions.
The older Broadwell extension partition of the former bwUniCluster 1 is connected to bwUniCluster 2.0.
If you need to connect to specific login nodes, you can use the following hostnames:
| Hostname | Node type |
|---|---|
| uc2-login1.scc.kit.edu | bwUniCluster 2.0, first login node |
| uc2-login2.scc.kit.edu | bwUniCluster 2.0, second login node |
| uc2-login3.scc.kit.edu | bwUniCluster 2.0, third login node |
| uc2-login4.scc.kit.edu | bwUniCluster 2.0, fourth login node |
Only the secure shell SSH is allowed to login. Other protocols like telnet or rlogin are not allowed for security reasons.
Usernames
Your username will be the same as the one provided by your home institution, but prefixed with two characters and an underscore indicating your home institution. For example: If you are a member of the university of Konstanz and your local username is ab1234, your username on bwUniCluster 2.0 is kn_ab1234.
The following list contains all prefixes currently in use:
| Home organization | <UserID> |
|---|---|
| Universität Freiburg | fr_username |
| Universität Heidelberg | hd_username |
| Universität Hohenheim | ho_username |
| KIT | username (without any prefix) |
| Universität Konstanz | kn_username |
| Universität Mannheim | ma_username |
| Universität Stuttgart | st_username |
| Universität Tübingen | tu_username |
| Universität Ulm | ul_username |
| Hochschule Aalen | aa_username |
| Hochschule Albstadt-Sigmaringen | as_username |
| Hochschule Esslingen | es_username |
| Hochschule Heilbronn | hn_username |
| Hochschule Karlsruhe | hk_username |
| HTWG Konstanz | ht_username |
| Hochschule Mannheim | mn_username |
| Hochschule Offenburg | of_username |
| Hochschule Reutlingen | hr_username |
| Hochschule Rottenburg | ro_username |
| Hochschule für Technik Stuttgart | hs_username |
| Hochschule Ulm | hu_username |
Client application: OpenSSH
Most Unix and Unix-like operating systems like Linux, macOS and *BSD come with a built-in SSH client provided by the OpenSSH project. More recent versions of Windows 10 and the Windows Subsystem for Linux also come with a built-in OpenSSH client.
To use this client, simply open a command line terminal (the exact process differs on every operating system, but usually involves starting an application called Terminal or Command Prompt) and enter the following command to connect to bwUniCluster 2.0:
$ ssh <UserID>@bwunicluster.scc.kit.edu
If you are on a Linux or Unix system running the X Window System (X11) and want to use a GUI-based application on bwUniCluster 2.0, you can use the -X option for the ssh command to set up X11 forwarding:
$ ssh -X <UserID>@uc2.scc.kit.edu
Windows users requiring X11 forwarding for graphical applications should use MobaXterm instead.
Client application: MobaXterm
The bwHPC-C5 support team strongly recommends to use MobaXterm instead of PuTTY or WinSCP on Windows. MobaXterm provides a built-in X11 server allowing to start GUI based software.
Start MobaXterm, fill in the following fields:
Remote name : uc2.scc.kit.edu Specify user name : <UserID> Port : 22
After that click on 'ok'. Then a terminal will be opened and there you can enter your credentials.
Client application: FileZilla
Many GUI applications that support SFTP transfers on Linux don't work well with 2-factor authentification, e.g. Nautilus and Dolphin don't support it. A good alternative for Linux is FileZilla.
Start FileZilla, Select "File -> Site Manager..." from the main menu and set up a new connection with the following settings:
Protocol: SFTP - SSH File Transfer Protocol Host: uc2.scc.kit.edu Logon Typ: Interactive User: <UserID>
Then click on the "Connect" button.
Files can be transferred between the local system and the cluster by navigating to the respective folders in the split file view and then either dragging files and folders between the views or by clicking on a file/folder with the right mouse button and then selecting "Upload" or "Download" from the menu.
Example login process
After the connection has been initiated, a successful login process will go through the following three steps:
1. The system asks for a One-Time Password. Generate one using the Software or Hardware Token registered on the bwIDM system (see Registration/2FA) and enter it after the Your OTP: prompt.
2. The systems asks for your service password. Enter it after the Password: prompt.
3. You are greeted by the bwUniCluster 2.0 banner followed by a shell.
The result should look like this:
Troubleshooting
Issue: The "Your OTP:" prompt never appears and the connection hangs/times out instead
Likely cause: You are most likely not on a network from which access to the bwUniCluster 2.0 system is allowed. Please check if you might have to establish a VPN connection first.
Issue: The system asks for the One-Time Password multiple times
Likely cause: Make sure you are using the correct Software Token to generate the One-Time Password.
Issue: The system asks for the service password multiple times
Likely cause: Make sure you are using the service password set on bwIDM and not the password valid for your home institution. Unlike the bwUniCluster 1, the bwUniCluster 2.0 only accepts the service password.
Issue: There is an error message by the pam_ses_open.sh skript
Likely cause: Your account is in the "LOST_ACCESS" state because the entitlement is no longer valid, the questionaire was not filled out or there was a problem during the communication between your home institution and the central bwIDM system. Please try the following steps:
- Log into bwIDM, look for the bwUniCluster entry and click on Registry info. Your "Status:" should be "ACTIVE". If it is not, please wait for ten minutes since logging into the bwIDM causes a refresh and the problem might fix itself. If the status does not change to ACTIVE after a longer amount of time, please contact the support channels.
- If you have not filled out the questionaire, please do so on https://zas.bwhpc.de/shib/en/bwunicluster_survey.php and then wait for about ten minutes before attempting to log into the HPC system again.
Allowed activities on login nodes
The login nodes of bwUniCluster 2.0 are the access point to the compute system and to your bwUniCluster 2.0 $HOME directory. The login nodes are shared with all the users of bwUniCluster 2.0. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:
- short compilation of your program code and
- short pre- and postprocessing of your batch jobs.
To guarantee usability for all the users of bwUniCluster 2.0 you must not run your compute jobs on the login nodes. Compute jobs must be submitted to the queueing system. Any compute job running on the login nodes will be terminated without any notice. Any long-running compilation or any long-running pre- or postprocessing of batch jobs must also be submitted to the queueing system.
SSH Keys
In contrast to the bwUniCluster 1 and many other HPC systems it is no longer possible to self-manage your SSH Keys by adding them to the ~/.ssh/authorized_keys file. Existing files will no longer be evaluated. SSH Keys have to be managed via the central bwIDM system instead. Please refer to the user guide for this functionality: