How to Login: Difference between revisions
No edit summary |
|||
| Line 17: | Line 17: | ||
On Unix/Linux machines, the user should use ssh to log in to the HPCC systems. chizen is the gateway to all HPCC servers. The command: <syntaxhighlight lang="abap"> | On Unix/Linux machines, the user should use ssh to log in to the HPCC systems. chizen is the gateway to all HPCC servers. The command: <syntaxhighlight lang="abap"> | ||
$ ssh <userid>@chizen.csi.cuny.edu | $ ssh <userid>@chizen.csi.cuny.edu | ||
</syntaxhighlight>will log you onto this authentication server. Once | </syntaxhighlight>will log you onto this authentication server. Once logged the users must '''<u>do second login</u>''' to actual login node on production server. <u>'''No jobs can be submitted from gateway.'''</u> HPCC uses single login node so users must login to MHN (Master Head Node) as it shown on following example. Please read carefully message of the day (in red below) since it holds critical information. <syntaxhighlight lang="abap"> | ||
ssh mhn | ssh mhn | ||
Password: | Password: | ||
Revision as of 20:25, 2 May 2023
Notice: Users may not access CUNY computer resources without authorization or use it for purposes beyond the scope of authorization. This includes attempting to circumvent CUNY computer resource system protection facilities by hacking, cracking or similar activities, accessing or using another person's computer account, and allowing another person to access or use the user's account. CUNY computer resources may not be used to gain unauthorized access to another computer system within or outside of CUNY. Users are responsible for all actions performed from their computer account that they permitted or failed to prevent by taking ordinary security precautions.
For security reasons, CUNY only allows users to communicate using SSH. Secure Shell (abbreviated SSH) is a secure means of connecting to a remote server over an encrypted channel. SSH is a protocol designed to allow logging into a remote machine and executing commands on a remote machine using improved secure encrypted communication between two non-trusted hosts over an insecure network, while other protocols like Telnet cannot.
The HPC systems located at the CUNY HPCC accept IP addresses only from the CSI campus. Users not located on the CSI campus must first log into an gateway server. The gateway server for the HPCC is chizen.csi.cuny.edu.
To log into any of the the HPC systems, the user must then ssh from chizen.csi.cuny.edu to the desired HPC system. Currently, HPCC uses single login node MHN. Thus users must ssh to MHN after they login to chizen (gateway).
Logging in from windows machine
If you are using Windows machine locally you need to have SSH client installed on it. While many SSH clients may exist, CUNY strongly recommends the use of CygWin emulator. Cygwin. The popular windows clients like WinSCP or PuTTY can also be used as SSH client. Note that PuTTY scp and WinSCP may not work as Unix scp. Once the suitable SSH client is installed,
users can run it and connect to HPCC. Using the above links you may find documentations on these applications.
Logging in from Unix/Linux
On Unix/Linux machines, the user should use ssh to log in to the HPCC systems. chizen is the gateway to all HPCC servers. The command:
$ ssh <userid>@chizen.csi.cuny.edu
will log you onto this authentication server. Once logged the users must do second login to actual login node on production server. No jobs can be submitted from gateway. HPCC uses single login node so users must login to MHN (Master Head Node) as it shown on following example. Please read carefully message of the day (in red below) since it holds critical information.
ssh mhn
Password:
Last login: Tue Apr 18 10:22:51 2023 from 163.238.128.59
+---------------------------------------------------------------------------------------+
| |
| Please NOTE |
| |
| 1. Running production jobs on login node(s) is strictly forbidden. |
| |
| 2. Access to server may be limited or denied if abuse of above policy is recorded. |
| |
| 3. All jobs must be submitted via SLURM batch sysrtem. All jobs running on login |
| node will be killed and output data will be lost. |
| |
| |
| Please report all non-emergency probems by opening a ticket at: |
| https://hpchelp.csi.cuny.edu |
| |
| Users who cannot open a ticket, but need further help should send E-mail to |
| hpchelp@csi.cuny.edu |
| |
+---------------------------------------------------------------------------------------+
When connecting to any of HPCC hosts for the first time you are asked to validate the authenticity of the key presented by that host. Once you answer yes, that key will be stored. Future logging attempts to that same server will check they key against what is stored in the file:
~/.ssh/known_hosts
In a very rare cases when our team performs reinstallation of the OS host identification will change. If we perform this sort of maintenance all users get a notice from HPC team.
When this happens you get message similar to this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 5c:0b:18:56:b6:cd:12:10:32:cd:1d:a2:9a:cd:e5:1c. Please contact your system administrator. Add correct host key in /home/userid/.ssh/known_hosts to get rid of this message. Offending key in /home/user/.ssh/known_hosts:3 RSA host key for chizen.csi.cuny.edu has changed and you have requested strict checking. Host key verification failed.
This reads as "remote host information that is kept in your /.ssh/known_hosts at line #3 does not match that remote host, therefore ssh connection can not be established".
To get rid of this message you need to modify you ~/.ssh/known_hosts. Open it in your favorite text editor and delete line #3. After that try to ssh again. You will be asked if you want to save host identification (which is -- if you want to add host identification to your ~/.ssh/known_hosts). Answer "yes" and proceed normally.
However if you get the above ssh warning without our maintenance notice it will be a good idea to contact HPC stuff.
X11 Forwarding or Tunneling
X11 forwarding is required when logging in to a remote location, but an application GUI must be display locally. This could be done with Mathematica for instance, if using the command-line interface was not acceptable.
UNIX clients
X11 forwarding or tunneling back through the 'ssh' connection can be provided by including the flag '-X' to 'ssh' command. For users off the CSI campus, the following forwards X11 traffic back from the HPCC gateway system, CHIZEN, to your desktop:
$ ssh -XY <userid>@chizen.csi.cuny.edu
If you need to then login to ANDY to run Mathematica you will have forward X11 traffic again through the second connection with:
$ ssh -XY <userid>@andy.csi.cuny.edu
Note that double-forwarding will be significantly slower and may make working with a GUI from outside of CSI campus inconvenient.
WINDOWS clients
In order to allow X11 forwarding for Windows-based client CUNY recommends to install Xming -- X Server for Windows. Once Xming is downloaded and installed users should
- once the connection is established start your X application. For example, type in console
xterm
This will give you xterm session.
- once the connection is established start your X application. For example, type in console