Difference between revisions of "BwForCluster JUSTUS2 Login"

From bwHPC Wiki
Jump to: navigation, search
(Set JUSTUS 2 service password)
(Setup TOTP system)
Line 11: Line 11:
 
= Setup TOTP system =
 
= Setup TOTP system =
   
For better security the log in to JUSTUS 2 requires two factors.
+
For better security the log in to JUSTUS 2 is based on
  +
two factor authentication (2FA) methods.
 
In addition to your service password, a time-based one-time
 
In addition to your service password, a time-based one-time
 
password (TOTP) is required as second factor.
 
password (TOTP) is required as second factor.
   
  +
Usually you should have setup a hardware or software token
<b>To setup the TOTP system for your account, please follow the
 
  +
for creating TOTPs already at this point.
instructions that are sent to you by email right after registering
 
  +
If this is still missing, then please follow the instructions
for bwForCluster JUSTUS 2.</b>
 
  +
for registering a new 2FA token on the following page: [[BwForCluster User Access/2FA Tokens]]
 
In general the TOTP consists of a shared secret, that is stored
 
on our JUSTUS 2 servers <b>and</b> that is imported into a TOTP app
 
on your smartphone.
 
 
With help of this app you can create a temporary TOTP value (6-digit number),
 
that must be entered while logging in to JUSTUS 2.
 
Please be aware that the TOTP value changes every 30 seconds.
 
So always enter the current 6-digit number as displayed by
 
the TOTP app.
 
 
Another important thing to remember is, that the TOTP value is
 
valid only once. It is a <b>one time</b> password. Once entered correctly,
 
it can no longer be used. For example when you have entered
 
a correct TOTP value, but a wrong password, the login will ask
 
you for the TOTP value again. In such cases please wait for
 
a new TOTP, thus please wait for the next 30 seconds time frame.
 
 
Here are some examples for TOTP generator APPs. Please install
 
one of those APPs in preparation for scanning the QR code
 
when creating the shared secret.
 
 
* Google playstore:
 
** [https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp andOTP Authenticator]
 
** [https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp FreeOTP Authenticator]
 
** [https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis Aegis Authenticator]
 
** [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 Google Authenticator]
 
** [https://play.google.com/store/apps/details?id=com.yubico.yubioath Yubico Authenticator]
 
 
* Apple appstore:
 
** [https://apps.apple.com/us/app/freeotp-authenticator/id872559395 FreeOTP Authenticator]
 
** [https://apps.apple.com/us/app/google-authenticator/id388497605 Google Authenticator]
 
** [https://apps.apple.com/us/app/yubico-authenticator/id1476679808 Yubico Authenticator]
 
 
*F-Droid store:
 
** [https://f-droid.org/en/packages/org.shadowice.flocke.andotp/ andOTP Authenticator]
 
** [https://f-droid.org/en/packages/com.beemdevelopment.aegis/ Aegis Authenticator]
 
** [https://f-droid.org/en/packages/com.yubico.yubioath/ Yubico Authenticator]
 
   
 
= Login to JUSTUS 2 =
 
= Login to JUSTUS 2 =

Revision as of 19:41, 28 October 2020

1 Set JUSTUS 2 service password

Log in to JUSTUS 2 is only possible with a service password. The password of your home organization is not accepted anymore. Therefore please set a service password for JUSTUS 2 by following link "Set password" of section "JUSTUS 2" on the [registration server of JUSTUS2] - if you have not done so already.

2 Setup TOTP system

For better security the log in to JUSTUS 2 is based on two factor authentication (2FA) methods. In addition to your service password, a time-based one-time password (TOTP) is required as second factor.

Usually you should have setup a hardware or software token for creating TOTPs already at this point. If this is still missing, then please follow the instructions for registering a new 2FA token on the following page: BwForCluster User Access/2FA Tokens

3 Login to JUSTUS 2

Prerequisites for login:

  • You have registered your account at the registration server for JUSTUS 2 (for registration, log in to the registration server of JUSTUS2 and click on "Register" in section "JUSTUS 2").
  • You have set a service password for JUSTUS 2 (to do so login at the registration server of JUSTUS2 and select "Set Password" in section "JUSTUS 2").
  • You have created a TOTP shared secret and imported that secret into a TOTP app on your smartphone (for details see email send by registration server right after account registration).

Thereafter you can access the bwForCluster JUSTUS 2 for Computational Chemistry and Quantum Sciences via ssh. Only the secure shell ssh is allowed for login.

From linux machines, you can log in using

ssh <UserID>@justus2.uni-ulm.de

During log in you must enter the current TOTP value (6-digit number) created with help of the TOTP app on your smartphone and your service password.

To run graphical applications, you can use the -X flag to openssh:

ssh -X <UserID>@justus2.uni-ulm.de

For better performance on slow connections you should use e.g. VNC.


The bwForCluster Chemistry in Ulm has four dedicated login nodes. The selection of the login node is done automatically. If you are logging in multiple times, different sessions might run on different login nodes.

The names of the four login nodes are justus2-login01.rz.uni-ulm.de, justus2-login02.rz.uni-ulm.de, justus2-login03.rz.uni-ulm.de, justus2-login04.rz.uni-ulm.de.

These names can be used to access a specific one of the login nodes. In general, you should use justus2.uni-ulm.de to allow us to balance the load over the four login nodes.


3.1 About UserID / Username

<UserID> of the ssh command is a placeholder for your username at your home organization and a prefix denoting your organization. Prefixes and resulting user names are as follows:

Site Prefix Username
Freiburg fr fr_username
Heidelberg hd hd_username
Hohenheim ho ho_username
Karlsruhe ka ka_username
Konstanz kn kn_username
Mannheim ma ma_username
Stuttgart st st_username
Tübingen tu tu_username
Ulm ul ul_username

3.2 Allowed activities on login nodes

The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • compilation of your program code and
  • short pre- and postprocessing of your batch jobs.

To guarantee usability for all users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as Batch Jobs. Any compute job running on the login nodes will be terminated without any notice.

4 Further reading