- 1 Ada Access
Access Using SSH
To connect to HPRC clusters, you must use SSH (Secure Shell). SSH is a client-server software that provides for secure (by encryption) logins and other communication between two hosts. SSH is freely available on the Internet for Linux/Unix and PC Windows (in the guise of MobaXterm).
To initiate SSH connection to target cluster's login node, find the hostname (terra/grace) and credential (userID/password) info from Table 1 below. For example, if you are connecting to Grace cluster from a terminal enter:
[user1@localhost ~]$ ssh NetID@grace.hprc.tamu.edu
where the grace.hprc.tamu.edu address is a DNS round-robin alias for grace[1-4].tamu.edu. You will be prompted for your password in order to establish authentication. Once you login into one of the login nodes, the shell's prompt will be [NetID].grace[1-8].
If, however, you are connecting for the very first time, you will see a message similar to the following before arriving at the password prompt:
The authenticity of host 'grace (126.96.36.199)' can't be established. ECDSA key fingerprint is SHA256:SfQPtDJW30sj4kG2c4KGFw7LcEduSOFeXGIlsf4WhEA. ECDSA key fingerprint is MD5:9c:ea:ba:22:0f:6f:1e:b9:0c:21:d4:b6:70:0f:a0:d5. Are you sure you want to continue connecting (yes/no)?
Type yes and you will then be presented with the password prompt.
Warning: Permanently added 'grace' (ECDSA) to the list of known hosts. NetID@grace.hprc.tamu.edu's password:
|Cluster||Hostname||Number of login nodes||Credential (UserID / Password)|
|Terra||terra.tamu.edu||3 (terra1 ~ terra3)||NetID / NetID password|
|Grace||grace.hprc.tamu.edu||5 (grace1 ~ grace5)||NetID / NetID password|
|FASTER||faster.hprc.tamu.edu||4 (faster1 ~ faster4)||NetID / NetID password|
For connecting to cluster login nodes from outside the campus, you need to activate Virtual Private Network (VPN) first, then initiate SSH connection to the cluster login nodes. You can find VPN installation instructions from TAMU ServiceNow Knowledge Base page on VPN.
WSL and Windows Users Attention: If the above off-campus access method does not work, the following options are available:
1. Download the Cisco AnyConnect client from the Microsoft Store. Credential entry will be identical to logging into other TAMU resources utilizing CAS authentication.
2. PowerShell: you will use syntax similar to when you use WSL. For example: To access Grace, you will use "ssh [NetID]@grace.hprc.tamu.edu"
3. Shell Access via the portal: you will access portal.hprc.tamu.edu and choose portal (Grace or Terra. On the top bar, choose "Clusters" then choose the "Shell Access" option.
Two-Factor Authentication Requirement
Starting October 1, 2018, the Division of Information Technology will require use of Duo NetID Two Factor Authentication on its Virtual Private Network (VPN) (connect.tamu.edu) service.
Duo provides a second layer of security to Texas A&M accounts.
If you are not already enrolled in Duo and plan to use VPN, you can enroll now at duo.tamu.edu. Enrolling is as easy as 1-2-3:
1. Choose your device and download the Duo Mobile app. (We strongly recommend the mobile app as the most user-friendly option.)
2. Start your enrollment at https://gateway.tamu.edu/duo-enroll/;
3. Remember: Once you sign up, you will need your Duo-enrolled device when you log in to most Texas A&M resources.
For more information, consult IT's knowledge base article for Duo: https://u.tamu.edu/KB0012105
External users (non-TAMU) can apply for an ACCESS ID to gain access to HPRC FASTER and ACES resources. See the Texas A&M ACES resource provider page in the ACCESS documentation to learn how to apply.
As of August 31st, login to FASTER for XSEDE/ACCESS users transitioned from the XSEDE sso hub to the faster jump host.
[user@localhost ~]$ ssh -J [fasterusername]@faster-jump.hprc.tamu.edu:8822 [fasterusername]@login.faster.hprc.tamu.edu
You can find your username(s) under your ACCESS profile: https://allocations.access-ci.org/profile
XSEDE/ACCESS mobaxterm users
MobaXterm offers the capability to use a jump host to connect to a server in a secured network zone. You can configure your SSH session to use a jump host to save time with the login process.
Click on the Session tab to create a new session. Next click SSH in the top ribbon.
Enter login.faster.hprc.tamu.edu into the Remote host * box.
Enter your ACCESS username in the Specify username box.
Open the Advanced SSH Settings tab check the Use Private Key box. Then enter the path to your private key.
Go to the Network Settings tab and enable Connect through SSH gateway (jump host) and enter respective login data. The gateway host should be faster-jump.hprc.tamu.edu and port should be 8822. Click OK.
Start the session by double clicking the session login.faster.hprc.tamu.edu (username) in the left hand ribbon or under the Sessions tab.
Access via Portal
Detailed Access Information
For more in-depth information on accessing the TAMU HPRC clusters and guides for configuring your SSH client, see the Detailed Access page.
There are a total of 8 Ada login nodes. Connecting to ada.tamu.edu will direct you to one of the 8 nodes based on a round-robin queue.
You can connect to a particular node by utilizing the node-specific names. For example, to connect to Ada login node 3:
[user1@localhost ~]$ ssh NetID@ada3.tamu.edu
Fast-transfer nodes are available to accelerate the transfer of large files to and from the Ada/Curie shared filesystem.
For information on the fast-transfer nodes, see the Ada Filesystems and Files page.
If you see:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:BE2HKeEESIGLUHXQSApWGMCXW86RH+dUQhEwPc9mlxo. Please contact your system administrator. Add correct host key in /Users/NetID/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/NetID/.ssh/known_hosts:6 RSA host key for ada.tamu.edu has changed and you have requested strict checking. Host key verification failed.
Then see the fix below:
The problem rests in the known_hosts file on your local computer. This file contains identification of hosts (remote locations) you've visited with ssh. When the provided identification is different than the stored identification, you get this error. This is done to prevent man-in-the-middle attacks. This is not a MitM attack, the identification just changed during Ada maintenance. If you are using Windows and MobaXterm, try typing the following: ssh-keygen -f "~/.ssh/known_hosts" -R ada.tamu.edu You may need to use all the permutations of the ada hostname you use. For example, if your particular error said "ada5": ssh-keygen -f "~/.ssh/known_hosts" -R ada5.tamu.edu