JUSTUS2/Login: Difference between revisions
Line 11: | Line 11: | ||
= Setup TOTP system = |
= Setup TOTP system = |
||
For better security the log in to JUSTUS 2 |
For better security the log in to JUSTUS 2 is based on |
||
two factor authentication (2FA) methods. |
|||
In addition to your service password, a time-based one-time |
In addition to your service password, a time-based one-time |
||
password (TOTP) is required as second factor. |
password (TOTP) is required as second factor. |
||
Usually you should have setup a hardware or software token |
|||
<b>To setup the TOTP system for your account, please follow the |
|||
for creating TOTPs already at this point. |
|||
instructions that are sent to you by email right after registering |
|||
If this is still missing, then please follow the instructions |
|||
for bwForCluster JUSTUS 2.</b> |
|||
for registering a new 2FA token on the following page: [[BwForCluster User Access/2FA Tokens]] |
|||
In general the TOTP consists of a shared secret, that is stored |
|||
on our JUSTUS 2 servers <b>and</b> that is imported into a TOTP app |
|||
on your smartphone. |
|||
With help of this app you can create a temporary TOTP value (6-digit number), |
|||
that must be entered while logging in to JUSTUS 2. |
|||
Please be aware that the TOTP value changes every 30 seconds. |
|||
So always enter the current 6-digit number as displayed by |
|||
the TOTP app. |
|||
Another important thing to remember is, that the TOTP value is |
|||
valid only once. It is a <b>one time</b> password. Once entered correctly, |
|||
it can no longer be used. For example when you have entered |
|||
a correct TOTP value, but a wrong password, the login will ask |
|||
you for the TOTP value again. In such cases please wait for |
|||
a new TOTP, thus please wait for the next 30 seconds time frame. |
|||
Here are some examples for TOTP generator APPs. Please install |
|||
one of those APPs in preparation for scanning the QR code |
|||
when creating the shared secret. |
|||
* Google playstore: |
|||
** [https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp andOTP Authenticator] |
|||
** [https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp FreeOTP Authenticator] |
|||
** [https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis Aegis Authenticator] |
|||
** [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 Google Authenticator] |
|||
** [https://play.google.com/store/apps/details?id=com.yubico.yubioath Yubico Authenticator] |
|||
* Apple appstore: |
|||
** [https://apps.apple.com/us/app/freeotp-authenticator/id872559395 FreeOTP Authenticator] |
|||
** [https://apps.apple.com/us/app/google-authenticator/id388497605 Google Authenticator] |
|||
** [https://apps.apple.com/us/app/yubico-authenticator/id1476679808 Yubico Authenticator] |
|||
*F-Droid store: |
|||
** [https://f-droid.org/en/packages/org.shadowice.flocke.andotp/ andOTP Authenticator] |
|||
** [https://f-droid.org/en/packages/com.beemdevelopment.aegis/ Aegis Authenticator] |
|||
** [https://f-droid.org/en/packages/com.yubico.yubioath/ Yubico Authenticator] |
|||
= Login to JUSTUS 2 = |
= Login to JUSTUS 2 = |
Revision as of 19:41, 28 October 2020
Set JUSTUS 2 service password
Log in to JUSTUS 2 is only possible with a service password. The password of your home organization is not accepted anymore. Therefore please set a service password for JUSTUS 2 by following link "Set password" of section "JUSTUS 2" on the [registration server of JUSTUS2] - if you have not done so already.
Setup TOTP system
For better security the log in to JUSTUS 2 is based on two factor authentication (2FA) methods. In addition to your service password, a time-based one-time password (TOTP) is required as second factor.
Usually you should have setup a hardware or software token for creating TOTPs already at this point. If this is still missing, then please follow the instructions for registering a new 2FA token on the following page: BwForCluster User Access/2FA Tokens
Login to JUSTUS 2
Prerequisites for login:
- You have registered your account at the registration server for JUSTUS 2 (for registration, log in to the registration server of JUSTUS2 and click on "Register" in section "JUSTUS 2").
- You have set a service password for JUSTUS 2 (to do so login at the registration server of JUSTUS2 and select "Set Password" in section "JUSTUS 2").
- You have created a TOTP shared secret and imported that secret into a TOTP app on your smartphone (for details see email send by registration server right after account registration).
Thereafter you can access the bwForCluster JUSTUS 2 for Computational Chemistry and Quantum Sciences via ssh. Only the secure shell ssh is allowed for login.
From linux machines, you can log in using
ssh <UserID>@justus2.uni-ulm.de
During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.
To run graphical applications, you can use the -X flag to openssh:
ssh -X <UserID>@justus2.uni-ulm.de
For better performance on slow connections you should use e.g. VNC.
The bwForCluster Chemistry in Ulm has four dedicated login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run
on different login nodes.
The names of the four login nodes are justus2-login01.rz.uni-ulm.de, justus2-login02.rz.uni-ulm.de, justus2-login03.rz.uni-ulm.de, justus2-login04.rz.uni-ulm.de.
These names can be used to access a specific one of the login nodes. In general, you should use justus2.uni-ulm.de to allow us to balance the load over the four login nodes.
About UserID / Username
<UserID> of the ssh command is a placeholder for your username at your home organization and a prefix denoting your organization. Prefixes and resulting user names are as follows:
Site | Prefix | Username |
---|---|---|
Freiburg | fr | fr_username |
Heidelberg | hd | hd_username |
Hohenheim | ho | ho_username |
Karlsruhe | ka | ka_username |
Konstanz | kn | kn_username |
Mannheim | ma | ma_username |
Stuttgart | st | st_username |
Tübingen | tu | tu_username |
Ulm | ul | ul_username |
Allowed activities on login nodes
The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:
- compilation of your program code and
- short pre- and postprocessing of your batch jobs.
To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as Batch Jobs. Any compute job running on the login nodes will be terminated without any notice.
Further reading
- Scientific software is made accessible using the Environment Modules system
- Compute jobs must be submitted as Batch Jobs
- Jobs needing disk space will need to request it in their job script. See Batch Jobs - request local scratch
- What hardware is available is described in Hardware and Architecture (bwForCluster JUSTUS 2