Difference between revisions of "JUSTUS2/Login"

From bwHPC Wiki
Jump to: navigation, search
(Create TOTP keys)
 
(37 intermediate revisions by 3 users not shown)
Line 1: Line 1:
  +
{|style="background:#deffee; width:100%;"
  +
|style="padding:5px; background:#cef2e0; text-align:left"|
  +
[[Image:Attention.svg|center|25px]]
  +
|style="padding:5px; background:#cef2e0; text-align:left"|
  +
Access to the bwForCluster is only possible from IP addresses within the [https://www.belwue.de BelWü] network.
  +
If your computer is in your University network (e.g. at your office), you should be able to connect directly.
  +
From outside the BelWü network (e.g. at home), a VPN (virtual private network) connection to your University network must be established first. Please consult the VPN documentation of your University. You can learn your current hostname/IP at e.g. https://myhostname.net/
  +
|}
   
  +
'''Prerequisites for successful login:'''
= Set service password =
 
   
  +
You need to have
<b>Log in to JUSTUS 2 is only possible with a service password.</b>
 
  +
* followed the 3-step [[Registration]] procedure.
The password of your home organization is not accepted anymore.
 
  +
* [[Registration/bwForCluster/JUSTUS2|created an account]] at the registration server for JUSTUS2.
Therefore please set a service password for JUSTUS 2 by following
 
  +
* [[Registration/Password|set a service password]] for JUSTUS2.
link "Set password" of section "JUSTUS 2" on the
 
  +
* [[Registration/2FA|set up a time-based one-time password (TOTP)]] for the two factor authentication (2FA)
[[BwForCluster_User_Access#Personal_registration_at_bwForCluster|registration server of JUSTUS2]]
 
- if you have not done so already.
 
   
= Setup TOTP system =
+
= Login to JUSTUS 2 =
   
  +
Login to bwForCluster bwForCluster JUSTUS 2 is only possible with a Secure Shell (SSH) client for which you must know your username on the cluster and the hostname of the login nodes.
For better security the log in to JUSTUS 2 requires two factors.
 
  +
For more gneral information on SSH clients, visit the [[Registration/Login/Client|SSH clients Guide]].
In addition to your service password, a time-based one-time
 
password (TOTP) is required as second factor.
 
   
  +
== Username ==
<b>To setup the TOTP system for your account, please follow the
 
instructions that are sent to you by email right after registering
 
for bwForCluster JUSTUS 2.</b>
 
   
In general the TOTP consists of a shared secret, that is stored
+
Your username on bwForCluster JUSTUS 2 consists of a prefix and your local username.
  +
For prefixes please refer to the [[Registration/Login/Username|Username Guide]].
on our JUSTUS 2 servers <b>and</b> that is imported into a TOTP app
 
on your smartphone.
 
   
  +
Example: If your local username at your University is <code>ab12</code> and you are a user from Ulm University, your username on the cluster is: <code>ul_abc12</code>.
With help of this app you can create a temporary TOTP value (6-digit number),
 
that must be entered while logging in to JUSTUS 2.
 
Please be aware that the TOTP value changes every 30 seconds.
 
So always enter the current 6-digit number as displayed by
 
the TOTP app.
 
   
  +
== Hostnames ==
Another important thing to remember is, that the TOTP value is
 
valid only once. It is a <b>one time</b> password. Once entered correctly,
 
it can no longer be used. For example when you have entered
 
a correct TOTP value, but a wrong password, the login will ask
 
you for the TOTP value again. In such cases please wait for
 
a new TOTP, thus please wait for the next 30 seconds time frame.
 
   
  +
JUSTUS 2 has four login nodes. We use DNS round-robin scheduling to load-balance the incoming connections between the nodes. If you are logging in multiple times, different sessions might run on different login nodes and hence programs started in one session might not be visible in another sessions.
Here are some examples for TOTP generator APPs. Please install
 
one of those APPs in preparation for scanning the QR code
 
when creating the shared secret.
 
   
  +
{| class="wikitable"
* Google playstore:
 
  +
! Hostname !! Destination
** [https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp andOTP Authenticator]
 
  +
|-
** [https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp FreeOTP Authenticator]
 
  +
| '''justus2.uni-ulm.de''' || any one of the login nodes
** [https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis Aegis Authenticator]
 
  +
|-
** [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 Google Authenticator]
 
  +
| justus2-login01.rz.uni-ulm.de || login node 01
** [https://play.google.com/store/apps/details?id=com.yubico.yubioath Yubico Authenticator]
 
  +
|-
  +
| justus2-login02.rz.uni-ulm.de || login node 02
  +
|-
  +
| justus2-login03.rz.uni-ulm.de || login node 03
  +
|-
  +
| justus2-login04.rz.uni-ulm.de || login node 04
  +
|}
   
  +
'''Note:''' justus2-login02.rz.uni-ulm.de serves as test environment for internal use and is omitted in DNS round-robin.
* Apple appstore:
 
** [https://apps.apple.com/us/app/freeotp-authenticator/id872559395 FreeOTP Authenticator]
 
** [https://apps.apple.com/us/app/google-authenticator/id388497605 Google Authenticator]
 
** [https://apps.apple.com/us/app/yubico-authenticator/id1476679808 Yubico Authenticator]
 
   
  +
There are further two visualization nodes for use with [[VNC]]:
*F-Droid store:
 
** [https://f-droid.org/en/packages/org.shadowice.flocke.andotp/ andOTP Authenticator]
 
** [https://f-droid.org/en/packages/com.beemdevelopment.aegis/ Aegis Authenticator]
 
** [https://f-droid.org/en/packages/com.yubico.yubioath/ Yubico Authenticator]
 
   
  +
{| class="wikitable"
= Login =
 
  +
! Hostname !! Destination
  +
|-
  +
| '''justus2-vis.uni-ulm.de''' || any one of the visualization nodes
  +
|-
  +
| justus2-vis01.rz.uni-ulm.de || vis node 01
  +
|-
  +
| justus2-vis02.rz.uni-ulm.de || vis node 02
  +
|}
   
  +
== Login with SSH command (Linux, Mac, Windows) ==
Prerequisites for login:
 
* You have registered your account at the registration server for JUSTUS 2 (to register log in to the [[BwForCluster_User_Access#Personal_registration_at_bwForCluster|registration server of JUSTUS2]] and click on "Register" in section of "JUSTUS 2").
 
* You have set a service password for JUSTUS 2 (to do so login at the [[BwForCluster_User_Access#Personal_registration_at_bwForCluster|registration server of JUSTUS2]] and select "Set Password" in section "JUSTUS 2").
 
* You have created a TOTP shared secret and imported that secret into a TOTP app on your smartphone (for details see email send by registration server right after account registration).
 
   
  +
Most Unix and Unix-like operating systems like Linux or MacOS come with a built-in SSH client provided by the OpenSSH project.
Thereafter you can access the bwForCluster JUSTUS 2 for Chemistry and Quantum Sciences via [[ssh]]. Only the secure shell ssh is allowed for login.
 
  +
More recent versions of Windows 10 and Windows 11 using the [https://docs.microsoft.com/en-us/windows/wsl/install Windows Subsystem for Linux] (WSL) also come with a built-in OpenSSH client.
   
From linux machines, you can log in using
+
From those machines, you can log in using:
   
ssh <UserID>@justus2.uni-ulm.de
+
ssh <username>@justus2.uni-ulm.de
   
 
During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.
 
During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.
Line 74: Line 73:
 
To run graphical applications, you can use the -X flag to openssh:
 
To run graphical applications, you can use the -X flag to openssh:
   
ssh -X <UserID>@justus2.uni-ulm.de
+
ssh -X <username>@justus2.uni-ulm.de
   
 
For better performance on slow connections you should use e.g. [[VNC]].
 
For better performance on slow connections you should use e.g. [[VNC]].
   
   
  +
== Login with graphical SSH client (Windows) ==
The bwForCluster Chemistry in Ulm has four dedicated login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run
 
on different login nodes.
 
   
  +
Example MobaXterm for login and file transfer:
The names of the four login nodes are justus2-login01.rz.uni-ulm.de, justus2-login02.rz.uni-ulm.de, justus2-login03.rz.uni-ulm.de, justus2-login04.rz.uni-ulm.de.
 
  +
  +
Start MobaXterm and fill in the following fields:
  +
<pre>
  +
Remote name : justus2.uni-ulm.de
  +
Specify user name : <username>
  +
Port : 22
  +
</pre>
   
  +
After that click on 'ok'. Then a terminal will open where you can enter your credentials.
These names can be used to access a specific one of the login nodes. In general, you should use justus2.uni-ulm.de to allow us to balance the load over the four login nodes.
 
   
  +
== Login Example ==
   
  +
To login to bwForCluster JUSTUS 2, proceed as follows:
== About UserID / Username ==
 
  +
# Login with SSH command or MoabXterm as shown above.
  +
# The system will ask for a one-time password <code>Your OTP:</code>. Please enter your OTP and confirm it with Enter/Return. The OTP is not displayed when typing. If you do not have a second factor yet, please create one (see [[Registration/2FA]]).
  +
# The system will ask you for your service password <code>Password:</code>. Please enter it and confirm it with Enter/Return. The password is not displayed when typing. If you do not have a service password yet or have forgotten it, please create one (see [[Registration/Password]]).
  +
# You will be greeted by the cluster, followed by a shell.
  +
<pre>
  +
$ ssh -l ul_abc12 justus2.uni-ulm.de
  +
Your OTP:
  +
Password:
   
  +
********************************************************************************
<UserID> of the ssh command is a placeholder for your username at your home
 
  +
* *
organization and a prefix denoting your organization. Prefixes and resulting user names are as follows:
 
  +
* Baden-Wuerttemberg Research Cluster *
  +
* Computational Chemistry and Quantum Sciences *
  +
* *
  +
* bwForCluster *
  +
* *
  +
* __ __ __ _____ ______ __ __ _____ ___ *
  +
* / / / / / / / ___/ /_ __/ / / / / / ___/ |__ \ *
  +
* __ / / / / / / \__ \ / / / / / / \__ \ __/ / *
  +
* / /_/ / / /_/ / ___/ / / / / /_/ / ___/ / / __/ *
  +
* \____/ \____/ /____/ /_/ \____/ /____/ /____/ *
  +
* *
  +
* *
  +
* (Rocky 8 / Kernel 4.18 / Lustre 2.12) *
  +
* *
  +
* https://wiki.bwhpc.de/e/JUSTUS2 *
  +
* *
  +
* ticket system: https://www.bwhpc.de/supportportal *
  +
* *
  +
********************************************************************************
  +
Last login: ...
  +
[ul_abc12@login01 ~]$
  +
</pre>
   
  +
== Allowed Activities on Login Nodes ==
{| style="border:3px solid darkgray; margin: 5em auto 5em auto;" width="60%"
 
|-
 
!scope="row" {{Darkgray}} | Site
 
!scope="row" {{Darkgray}}| Prefix
 
!scope="row" {{Darkgray}}| Username
 
|-
 
| Freiburg
 
| fr
 
| fr_username
 
|-
 
|Heidelberg
 
|hd
 
|hd_username
 
|-
 
|Hohenheim
 
|ho
 
|ho_username
 
|-
 
|Karlsruhe
 
|ka
 
|ka_username
 
|-
 
|Konstanz
 
|kn
 
|kn_username
 
|-
 
|Mannheim
 
|ma
 
|ma_username
 
|-
 
|Stuttgart
 
|st
 
|st_username
 
|-
 
|Tübingen
 
|tu
 
|tu_username
 
|-
 
|Ulm
 
|ul
 
|ul_username
 
|}
 
 
== Allowed activities on login nodes ==
 
   
  +
{|style="background:#deffee; width:100%;"
  +
|style="padding:5px; background:#cef2e0; text-align:left"|
  +
[[Image:Attention.svg|center|25px]]
  +
|style="padding:5px; background:#cef2e0; text-align:left"| To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as
  +
[[BwForCluster_JUSTUS_2_Slurm_HOWTO|Batch Jobs]]. Any compute job running on the login nodes will be terminated without any notice.
  +
|}
  +
 
The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:
 
The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:
 
* compilation of your program code and
 
* compilation of your program code and
 
* short pre- and postprocessing of your batch jobs.
 
* short pre- and postprocessing of your batch jobs.
   
  +
= Related Information =
To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as
 
  +
[[BwForCluster_JUSTUS_2_Slurm_HOWTO|Batch Jobs]]. Any compute job running on the login nodes will be terminated without any notice.
 
  +
* If you want to reset your service password, consult the [[Registration/Password|Password Guide]].
  +
* If you want to register a new token for the two factor authentication (2FA), consult the [[Registration/2FA|2FA Guide]].
  +
* If you want to de-register, consult the [[Registration/Deregistration|De-registration Guide]].
  +
  +
   
  +
<!--
 
= Further reading =
 
= Further reading =
   
  +
* [[Data Transfer]] - how to get your files on the cluster
   
 
* Scientific software is made accessible using the [[Environment Modules]] system
 
* Scientific software is made accessible using the [[Environment Modules]] system
Line 153: Line 160:
 
* Jobs needing disk space will need to request it in their job script. See [[BwForCluster_JUSTUS_2_Slurm_HOWTO#How_to_request_local_scratch_.28SSD.2FNVMe.29_at_job_submission.3F|Batch Jobs - request local scratch]]
 
* Jobs needing disk space will need to request it in their job script. See [[BwForCluster_JUSTUS_2_Slurm_HOWTO#How_to_request_local_scratch_.28SSD.2FNVMe.29_at_job_submission.3F|Batch Jobs - request local scratch]]
   
* What hardware is available is described in [[Hardware and Architecture (bwForCluster JUSTUS 2]]
+
* What hardware is available is described in [https://wiki.bwhpc.de/e/Hardware_and_Architecture_(bwForCluster_JUSTUS_2) Hardware and Architecture of bwForCluster JUSTUS 2]
   
  +
-->
 
----
 
----
 
[[Category:BwForCluster_JUSTUS_2]][[Category:Access]]
 
[[Category:BwForCluster_JUSTUS_2]][[Category:Access]]

Latest revision as of 17:15, 22 March 2023

Attention.svg

Access to the bwForCluster is only possible from IP addresses within the BelWü network. If your computer is in your University network (e.g. at your office), you should be able to connect directly. From outside the BelWü network (e.g. at home), a VPN (virtual private network) connection to your University network must be established first. Please consult the VPN documentation of your University. You can learn your current hostname/IP at e.g. https://myhostname.net/

Prerequisites for successful login:

You need to have

1 Login to JUSTUS 2

Login to bwForCluster bwForCluster JUSTUS 2 is only possible with a Secure Shell (SSH) client for which you must know your username on the cluster and the hostname of the login nodes. For more gneral information on SSH clients, visit the SSH clients Guide.

1.1 Username

Your username on bwForCluster JUSTUS 2 consists of a prefix and your local username. For prefixes please refer to the Username Guide.

Example: If your local username at your University is ab12 and you are a user from Ulm University, your username on the cluster is: ul_abc12.

1.2 Hostnames

JUSTUS 2 has four login nodes. We use DNS round-robin scheduling to load-balance the incoming connections between the nodes. If you are logging in multiple times, different sessions might run on different login nodes and hence programs started in one session might not be visible in another sessions.

Hostname Destination
justus2.uni-ulm.de any one of the login nodes
justus2-login01.rz.uni-ulm.de login node 01
justus2-login02.rz.uni-ulm.de login node 02
justus2-login03.rz.uni-ulm.de login node 03
justus2-login04.rz.uni-ulm.de login node 04

Note: justus2-login02.rz.uni-ulm.de serves as test environment for internal use and is omitted in DNS round-robin.

There are further two visualization nodes for use with VNC:

Hostname Destination
justus2-vis.uni-ulm.de any one of the visualization nodes
justus2-vis01.rz.uni-ulm.de vis node 01
justus2-vis02.rz.uni-ulm.de vis node 02

1.3 Login with SSH command (Linux, Mac, Windows)

Most Unix and Unix-like operating systems like Linux or MacOS come with a built-in SSH client provided by the OpenSSH project. More recent versions of Windows 10 and Windows 11 using the Windows Subsystem for Linux (WSL) also come with a built-in OpenSSH client.

From those machines, you can log in using:

ssh <username>@justus2.uni-ulm.de

During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.

To run graphical applications, you can use the -X flag to openssh:

ssh -X <username>@justus2.uni-ulm.de

For better performance on slow connections you should use e.g. VNC.


1.4 Login with graphical SSH client (Windows)

Example MobaXterm for login and file transfer:

Start MobaXterm and fill in the following fields:

Remote name              : justus2.uni-ulm.de
Specify user name        : <username>
Port                     : 22

After that click on 'ok'. Then a terminal will open where you can enter your credentials.

1.5 Login Example

To login to bwForCluster JUSTUS 2, proceed as follows:

  1. Login with SSH command or MoabXterm as shown above.
  2. The system will ask for a one-time password Your OTP:. Please enter your OTP and confirm it with Enter/Return. The OTP is not displayed when typing. If you do not have a second factor yet, please create one (see Registration/2FA).
  3. The system will ask you for your service password Password:. Please enter it and confirm it with Enter/Return. The password is not displayed when typing. If you do not have a service password yet or have forgotten it, please create one (see Registration/Password).
  4. You will be greeted by the cluster, followed by a shell.
$ ssh -l ul_abc12 justus2.uni-ulm.de
Your OTP:
Password: 

********************************************************************************
*                                                                              *
*                     Baden-Wuerttemberg Research Cluster                      *
*                 Computational Chemistry and Quantum Sciences                 *
*                                                                              *
*                                 bwForCluster                                 *
*                                                                              *
*              __   __  __   _____  ______   __  __   _____      ___           *
*             / /  / / / /  / ___/ /_  __/  / / / /  / ___/     |__ \          *
*        __  / /  / / / /   \__ \   / /    / / / /   \__ \      __/ /          *
*       / /_/ /  / /_/ /   ___/ /  / /    / /_/ /   ___/ /     / __/           *
*       \____/   \____/   /____/  /_/     \____/   /____/     /____/           *
*                                                                              *
*                                                                              *
*                   (Rocky 8 / Kernel 4.18 / Lustre 2.12)                      *
*                                                                              *
*                       https://wiki.bwhpc.de/e/JUSTUS2                        *
*                                                                              *
*               ticket system: https://www.bwhpc.de/supportportal              *
*                                                                              *
********************************************************************************
Last login: ...
[ul_abc12@login01 ~]$ 

1.6 Allowed Activities on Login Nodes

Attention.svg
To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as

Batch Jobs. Any compute job running on the login nodes will be terminated without any notice.

The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • compilation of your program code and
  • short pre- and postprocessing of your batch jobs.

2 Related Information

  • If you want to reset your service password, consult the Password Guide.
  • If you want to register a new token for the two factor authentication (2FA), consult the 2FA Guide.
  • If you want to de-register, consult the De-registration Guide.