How to Login: Difference between revisions

From HPCC Wiki
Jump to navigation Jump to search
(Created page with "<blockquote>''Notice: Users may not access CUNY computer resources without authorization or use it for purposes beyond the scope of authorization. This includes attempting to circumvent CUNY computer resource system protection facilities by hacking, cracking or similar activities, accessing or using another person's computer account, and allowing another person to access or use the user's account. CUNY computer resources may not be used to gain unauthorized access to an...")
 
 
(3 intermediate revisions by one other user not shown)
Line 5: Line 5:
For security reasons, CUNY only allows users to communicate using SSH. Secure Shell (abbreviated SSH) is a secure means of connecting to a remote server over an encrypted channel. SSH is a protocol designed to allow logging into a remote machine and executing commands on a remote machine using improved secure encrypted communication between two non-trusted hosts over an insecure network, while other protocols like Telnet cannot.
For security reasons, CUNY only allows users to communicate using SSH. Secure Shell (abbreviated SSH) is a secure means of connecting to a remote server over an encrypted channel. SSH is a protocol designed to allow logging into a remote machine and executing commands on a remote machine using improved secure encrypted communication between two non-trusted hosts over an insecure network, while other protocols like Telnet cannot.


The HPC systems located at the CUNY HPCC accept IP addresses only from the CSI campus.  Users not located on the CSI campus must first log into an gateway server. The gateway server for the HPCC is <code>chizen.csi.cuny.edu</code>. To log into the HPC systems, the user must then ssh from <code>chizen.csi.cuny.edu</code> to the desired HPC system.
The HPC systems located at the CUNY HPCC accept IP addresses only from the CSI campus.  Users not located on the CSI campus must first log into an gateway server. The gateway server for the HPCC is <code>chizen.csi.cuny.edu</code>.  
 


'''To log into any of the the HPC systems, the user must then ssh from <code>chizen.csi.cuny.edu</code> to the desired HPC system. Currently, HPCC uses single login node MHN. Thus users must ssh to MHN after they login to chizen (gateway).'''
<br/>
<br/>
== Logging in from windows machine ==
== Logging in from windows machine ==
Line 14: Line 14:
users can run it and connect to HPCC. Using the above links you may find documentations on these applications.  
users can run it and connect to HPCC. Using the above links you may find documentations on these applications.  
<br/>
<br/>
== Logging in from Unix ==
== Logging in from Unix/Linux ==
On Unix/Linux machines, the user should use ssh to log in to the HPCC systems. Under most Linux and Unix, ssh command is located in /usr/bin. Please refer to corresponding manpage.  
On Unix/Linux machines, the user should use ssh to log in to the HPCC systems. chizen is the gateway to all HPCC servers. The command: <syntaxhighlight lang="abap">
 
$ ssh <userid>@chizen.csi.cuny.edu  
Command
</syntaxhighlight>will log you onto this authentication server. Once logged the users must '''<u>do second login</u>''' to actual login node on production server. <u>'''No jobs can be submitted from gateway.'''</u> HPCC uses single login node so users must login to MHN (Master Head Node) as it shown on following example. Please read carefully message of the day (in red below) since it holds critical information. <syntaxhighlight lang="abap">
 
ssh arrow
  $ ssh <font color="red"><userid></font>@chizen.csi.cuny.edu  
Password:  
 
Last login: Tue Apr 18 10:22:51 2023 from 163.238.128.59
will log you onto authentication server. Once you are logged therу you are ready to go to one of the HPCC system (andy in this example)
 
  [userid@chizen ~]$ ssh andy
 
 
  <userid>@andy's password: YouR_password**HeRE
  Last login: Mon Oct 20 13:04:23 2008 from chizen.csi.cuny.edu
  Rocks 5.0 (V)
  Profile built 19:20 30-Sep-2008
  Kickstarted 16:04 30-Sep-2008
  [<userid>@andy ~]$


When connecting to any of our hosts for the first time you are asked to validate the authenticity of the key presented by that host. Once you answer yes, that key will be stored. Future logging attempts to that same server will check they key against what is stored in the file:
+---------------------------------------------------------------------------------------+
 
|                                                                                      |
|                                    Please NOTE                                      |
|                                                                                      |
|  1. Running production jobs on login node(s) is strictly forbidden.                  |
|                                                                                      |
|  2. Access to server may be limited or denied if abuse of above policy is recorded.  |
|                                                                                      |
|  3. All jobs must be submitted via SLURM batch system. All jobs running on login    |
|      node will be killed and output data will be lost.                                |
|                                                                                      |
|                                                                                      |
|          Please report all non-emergency probems by opening a ticket at:            |
|                              https://hpchelp.csi.cuny.edu                            |
|                                                                                      |
|      Users who cannot open a ticket, but need further help should send E-mail to    |
|                              hpchelp@csi.cuny.edu                                    |
|                                                                                      |
+---------------------------------------------------------------------------------------+
</syntaxhighlight>When connecting to any of HPCC hosts for the first time you are asked to validate the authenticity of the key presented by that host. Once you answer yes, that key will be stored. Future logging attempts to that same server will check they key against what is stored in the file:
   ~/.ssh/known_hosts
   ~/.ssh/known_hosts


Latest revision as of 15:39, 3 January 2025

Notice: Users may not access CUNY computer resources without authorization or use it for purposes beyond the scope of authorization. This includes attempting to circumvent CUNY computer resource system protection facilities by hacking, cracking or similar activities, accessing or using another person's computer account, and allowing another person to access or use the user's account. CUNY computer resources may not be used to gain unauthorized access to another computer system within or outside of CUNY. Users are responsible for all actions performed from their computer account that they permitted or failed to prevent by taking ordinary security precautions.

For security reasons, CUNY only allows users to communicate using SSH. Secure Shell (abbreviated SSH) is a secure means of connecting to a remote server over an encrypted channel. SSH is a protocol designed to allow logging into a remote machine and executing commands on a remote machine using improved secure encrypted communication between two non-trusted hosts over an insecure network, while other protocols like Telnet cannot.

The HPC systems located at the CUNY HPCC accept IP addresses only from the CSI campus. Users not located on the CSI campus must first log into an gateway server. The gateway server for the HPCC is chizen.csi.cuny.edu.

To log into any of the the HPC systems, the user must then ssh from chizen.csi.cuny.edu to the desired HPC system. Currently, HPCC uses single login node MHN. Thus users must ssh to MHN after they login to chizen (gateway).

Logging in from windows machine

If you are using Windows machine locally you need to have SSH client installed on it. While many SSH clients may exist, CUNY strongly recommends the use of CygWin emulator. Cygwin. The popular windows clients like WinSCP or PuTTY can also be used as SSH client. Note that PuTTY scp and WinSCP may not work as Unix scp. Once the suitable SSH client is installed, users can run it and connect to HPCC. Using the above links you may find documentations on these applications.

Logging in from Unix/Linux

On Unix/Linux machines, the user should use ssh to log in to the HPCC systems. chizen is the gateway to all HPCC servers. The command: 

$ ssh <userid>@chizen.csi.cuny.edu

will log you onto this authentication server. Once logged the users must do second login to actual login node on production server. No jobs can be submitted from gateway. HPCC uses single login node so users must login to MHN (Master Head Node) as it shown on following example. Please read carefully message of the day (in red below) since it holds critical information. 

ssh arrow
Password: 
Last login: Tue Apr 18 10:22:51 2023 from 163.238.128.59

+---------------------------------------------------------------------------------------+
|                                                                                       |
|                                     Please NOTE                                       |
|                                                                                       | 
|   1. Running production jobs on login node(s) is strictly forbidden.                  |
|                                                                                       |
|   2. Access to server may be limited or denied if abuse of above policy is recorded.  |
|                                                                                       | 
|   3. All jobs must be submitted via SLURM batch system. All jobs running on login    | 
|      node will be killed and output data will be lost.                                | 
|                                                                                       |
|                                                                                       |
|           Please report all non-emergency probems by opening a ticket at:             |
|                               https://hpchelp.csi.cuny.edu                            |
|                                                                                       |
|       Users who cannot open a ticket, but need further help should send E-mail to     | 
|                               hpchelp@csi.cuny.edu                                    |
|                                                                                       |
+---------------------------------------------------------------------------------------+

When connecting to any of HPCC hosts for the first time you are asked to validate the authenticity of the key presented by that host. Once you answer yes, that key will be stored. Future logging attempts to that same server will check they key against what is stored in the file: 

  ~/.ssh/known_hosts

In a very rare cases when our team performs reinstallation of the OS host identification will change. If we perform this sort of maintenance all users get a notice from HPC team.

When this happens you get message similar to this: 

  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  It is also possible that the RSA host key has just been changed.
  The fingerprint for the RSA key sent by the remote host is
  5c:0b:18:56:b6:cd:12:10:32:cd:1d:a2:9a:cd:e5:1c.
  Please contact your system administrator.
  Add correct host key in /home/userid/.ssh/known_hosts to get rid of this message.
  Offending key in /home/user/.ssh/known_hosts:3
  RSA host key for chizen.csi.cuny.edu has changed and you have requested strict checking.
  Host key verification failed.

This reads as "remote host information that is kept in your /.ssh/known_hosts at line #3 does not match that remote host, therefore ssh connection can not be established".

To get rid of this message you need to modify you ~/.ssh/known_hosts. Open it in your favorite text editor and delete line #3. After that try to ssh again. You will be asked if you want to save host identification (which is -- if you want to add host identification to your ~/.ssh/known_hosts). Answer "yes" and proceed normally.

However if you get the above ssh warning without our maintenance notice it will be a good idea to contact HPC stuff.



X11 Forwarding or Tunneling

X11 forwarding is required when logging in to a remote location, but an application GUI must be display locally. This could be done with Mathematica for instance, if using the command-line interface was not acceptable.

UNIX clients

X11 forwarding or tunneling back through the 'ssh' connection can be provided by including the flag '-X' to 'ssh' command. For users off the CSI campus, the following forwards X11 traffic back from the HPCC gateway system, CHIZEN, to your desktop: 

  $ ssh -XY <userid>@chizen.csi.cuny.edu

If you need to then login to ANDY to run Mathematica you will have forward X11 traffic again through the second connection with: 

  $ ssh -XY <userid>@andy.csi.cuny.edu

Note that double-forwarding will be significantly slower and may make working with a GUI from outside of CSI campus inconvenient.

WINDOWS clients

In order to allow X11 forwarding for Windows-based client CUNY recommends to install Xming -- X Server for Windows. Once Xming is downloaded and installed users should

  • start the server
  • connect to remote machine using PuTTY with X11 forwarding enabled:

File:Configputty.JPG

  • once the connection is established start your X application. For example, type in console 
    xterm
    This will give you xterm session.
Retrieved from "http://163.238.128.48/cunyhpc/index.php?title=How_to_Login&oldid=728"