JUSTUS2/Login: Difference between revisions

From bwHPC Wiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:

= Set service password =

<b>Log in to JUSTUS 2 is only possible with a service password.</b>
The password of your home organization is not accepted anymore.
Therefore please set a service password for JUSTUS 2 by following
link "Set password" of section "JUSTUS 2" on the
[[BwForCluster_User_Access#Personal_registration_at_bwForCluster|registration server of JUSTUS2]]
- if you have not done so already.

= Create TOTP keys =

For better security the log in to JUSTUS 2 requires two factors.
In addition to your service password, a time-based one-time
password (TOTP) is required as second factor.

<b>To setup a TOTP for your account, please follow the instructions
that are sent to you by email right after registering for
bwForCluster JUSTUS 2.</b>

In general the TOTP consists of a shared secret, that is stored
on our JUSTUS 2 servers <b>and</b> that is imported into a TOTP APP
on your smartphone by scanning a QR-code (quick response code).

With help of this APP you can create a temporary TOTP value (6-digit number),
that must be entered while logging in to JUSUTS 2.
Please be aware that the TOTP value changes every 30 seconds.
So always enter the current 6-digit number as displayed by
the TOTP app.

Another important thing to remember is, that the TOTP value is
valid only once. It is a <b>one time</b> password. Once entered correctly,
it can no longer be used. For example when you have entered
a correct TOTP value, but a wrong password, the login will ask
you for the TOTP value again. In such cases please wait for
a new TOTP, thus please wait for the next 30 seconds time frame.

Here are some examples for TOTP generator APPs. You can install
one of those APPs in preparation for scanning the QR code
when creating the shared secret.

* Google playstore:
** [https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp andOTP Authenticator]
** [https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp FreeOTP Authenticator]
** [https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis Aegis Authenticator]
** [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 Google Authenticator]
** [https://play.google.com/store/apps/details?id=com.yubico.yubioath Yubico Authenticator]

* Apple appstore:
** [https://apps.apple.com/us/app/freeotp-authenticator/id872559395 FreeOTP Authenticator]
** [https://apps.apple.com/us/app/google-authenticator/id388497605 Google Authenticator]
** [https://apps.apple.com/us/app/yubico-authenticator/id1476679808 Yubico Authenticator]

*F-Droid store:
** [https://f-droid.org/en/packages/org.shadowice.flocke.andotp/ andOTP Authenticator]
** [https://f-droid.org/en/packages/com.beemdevelopment.aegis/ Aegis Authenticator]
** [https://f-droid.org/en/packages/com.yubico.yubioath/ Yubico Authenticator]

= Login =
= Login =


Prerequisites for login:
After registration (registration procedure at [[bwForCluster User Access]], the bwForCluster JUSTUS 2 can be accessed via [[ssh]]. Only the secure shell ssh is allowed for login.
* You have registered your account at the registration server for JUSTUS 2 (to register log in to the [[BwForCluster_User_Access#Personal_registration_at_bwForCluster|registration server of JUSTUS2]] and click on "Register" in section of "JUSTUS 2").
* You have set a service password for JUSTUS 2 (to do so login at the [[BwForCluster_User_Access#Personal_registration_at_bwForCluster|registration server of JUSTUS2]] and select "Set Password" in section "JUSTUS 2").
* You have created a TOTP shared secret and imported that secret into a TOTP app on your smartphone (for details see email send by registration server right after account registration).


Thereafter you can access the bwForCluster JUSTUS 2 for Chemistry and Quantum Sciences via [[ssh]]. Only the secure shell ssh is allowed for login.
From Linux machines, you can log in using

From linux machines, you can log in using


ssh <UserID>@justus2.uni-ulm.de
ssh <UserID>@justus2.uni-ulm.de

During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.


To run graphical applications, you can use the -X flag to openssh:
To run graphical applications, you can use the -X flag to openssh:
Line 14: Line 79:




The bwForCluster JUSTUS 2 in Ulm has four dedicated login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run on different login nodes.
The bwForCluster Chemistry in Ulm has four dedicated login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run
on different login nodes.


The names of the four login nodes are justus2-login01.rz.uni-ulm.de, justus2-login03.rz.uni-ulm.de, justus2-login02.rz.uni-ulm.de, justus2-login04.rz.uni-ulm.de.
The names of the four login nodes are justus2-login01.rz.uni-ulm.de, justus2-login02.rz.uni-ulm.de, justus2-login03.rz.uni-ulm.de, justus2-login04.rz.uni-ulm.de.


These names can be used to access a specific one of the login nodes. In general, you should use justus2.uni-ulm.de to allow us to balance the load over the four login nodes.
These names can be used to access a specific one of the login nodes. In general, you should use justus2.uni-ulm.de to allow us to balance the load over the four login nodes.
Line 75: Line 141:
* short pre- and postprocessing of your batch jobs.
* short pre- and postprocessing of your batch jobs.


To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as

To guarantee usability for all users of the system you must not run your compute jobs on the login nodes. Compute jobs must be submitted as [[Batch Jobs]]. Any compute job running on the login nodes may be terminated without any notice.
[[BwForCluster_JUSTUS_2_Slurm_HOWTO|Batch Jobs]]. Any compute job running on the login nodes will be terminated without any notice.


= Further reading =
= Further reading =



* Scientific software is made accessible using the [[Environment Modules]] system
* Scientific software is made accessible using the [[Environment Modules]] system


* Compute jobs must be submitted as [[Batch Jobs]]
* Compute jobs must be submitted as [[BwForCluster_JUSTUS_2_Slurm_HOWTO|Batch Jobs]]

* Jobs needing disk space will need to request it in their job script. See [[Batch Jobs - bwForCluster Chemistry Features]]

* What hardware is available is described in [[Hardware and Architecture (bwForCluster JUSTUS 2|Hardware and Architecture]]


* Jobs needing disk space will need to request it in their job script. See [[BwForCluster_JUSTUS_2_Slurm_HOWTO#How_to_request_local_scratch_.28SSD.2FNVMe.29_at_job_submission.3F|Batch Jobs - request local scratch]]


* What hardware is available is described in [[Hardware and Architecture (bwForCluster JUSTUS 2]]


----
----
[[Category:bwForCluster_JUSTUS2]][[Category:Access]]
[[Category:BwForCluster_JUSTUS_2]][[Category:Access]]

Revision as of 22:17, 6 July 2020

Set service password

Log in to JUSTUS 2 is only possible with a service password. The password of your home organization is not accepted anymore. Therefore please set a service password for JUSTUS 2 by following link "Set password" of section "JUSTUS 2" on the registration server of JUSTUS2 - if you have not done so already.

Create TOTP keys

For better security the log in to JUSTUS 2 requires two factors. In addition to your service password, a time-based one-time password (TOTP) is required as second factor.

To setup a TOTP for your account, please follow the instructions that are sent to you by email right after registering for bwForCluster JUSTUS 2.

In general the TOTP consists of a shared secret, that is stored on our JUSTUS 2 servers and that is imported into a TOTP APP on your smartphone by scanning a QR-code (quick response code).

With help of this APP you can create a temporary TOTP value (6-digit number), that must be entered while logging in to JUSUTS 2. Please be aware that the TOTP value changes every 30 seconds. So always enter the current 6-digit number as displayed by the TOTP app.

Another important thing to remember is, that the TOTP value is valid only once. It is a one time password. Once entered correctly, it can no longer be used. For example when you have entered a correct TOTP value, but a wrong password, the login will ask you for the TOTP value again. In such cases please wait for a new TOTP, thus please wait for the next 30 seconds time frame.

Here are some examples for TOTP generator APPs. You can install one of those APPs in preparation for scanning the QR code when creating the shared secret.

Login

Prerequisites for login:

  • You have registered your account at the registration server for JUSTUS 2 (to register log in to the registration server of JUSTUS2 and click on "Register" in section of "JUSTUS 2").
  • You have set a service password for JUSTUS 2 (to do so login at the registration server of JUSTUS2 and select "Set Password" in section "JUSTUS 2").
  • You have created a TOTP shared secret and imported that secret into a TOTP app on your smartphone (for details see email send by registration server right after account registration).

Thereafter you can access the bwForCluster JUSTUS 2 for Chemistry and Quantum Sciences via ssh. Only the secure shell ssh is allowed for login.

From linux machines, you can log in using

ssh <UserID>@justus2.uni-ulm.de

During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.

To run graphical applications, you can use the -X flag to openssh:

ssh -X <UserID>@justus2.uni-ulm.de

For better performance on slow connections you should use e.g. VNC.


The bwForCluster Chemistry in Ulm has four dedicated login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run on different login nodes.

The names of the four login nodes are justus2-login01.rz.uni-ulm.de, justus2-login02.rz.uni-ulm.de, justus2-login03.rz.uni-ulm.de, justus2-login04.rz.uni-ulm.de.

These names can be used to access a specific one of the login nodes. In general, you should use justus2.uni-ulm.de to allow us to balance the load over the four login nodes.


About UserID / Username

<UserID> of the ssh command is a placeholder for your username at your home organization and a prefix denoting your organization. Prefixes and resulting user names are as follows:

Site Prefix Username
Freiburg fr fr_username
Heidelberg hd hd_username
Hohenheim ho ho_username
Karlsruhe ka ka_username
Konstanz kn kn_username
Mannheim ma ma_username
Stuttgart st st_username
Tübingen tu tu_username
Ulm ul ul_username

Allowed activities on login nodes

The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • compilation of your program code and
  • short pre- and postprocessing of your batch jobs.

To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as Batch Jobs. Any compute job running on the login nodes will be terminated without any notice.

Further reading