Hprc banner tamu.png


Revision as of 12:11, 23 August 2018 by Ljordan56 (talk | contribs) (Ada Access)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Ada Access

Access Using SSH

SSH Login (TAMU)

To connect to HPRC clusters, you must use SSH (Secure Shell). SSH is a client-server software that provides for secure (by encryption) logins and other communication between two hosts. SSH is freely available on the Internet for Linux/Unix and PC Windows (in the guise of MobaXterm).

To initiate SSH connection to target cluster's login node, find the hostname (terra/grace) and credential (userID/password) info from Table 1 below. For example, if you are connecting to Grace cluster from a terminal enter:

[user1@localhost ~]$ ssh NetID@grace.hprc.tamu.edu

where the grace.hprc.tamu.edu address is a DNS round-robin alias for grace[1-4].tamu.edu. You will be prompted for your password in order to establish authentication. Once you login into one of the login nodes, the shell's prompt will be [NetID].grace[1-8].

If, however, you are connecting for the very first time, you will see a message similar to the following before arriving at the password prompt:

The authenticity of host 'grace (' can't be established.
ECDSA key fingerprint is SHA256:SfQPtDJW30sj4kG2c4KGFw7LcEduSOFeXGIlsf4WhEA.
ECDSA key fingerprint is MD5:9c:ea:ba:22:0f:6f:1e:b9:0c:21:d4:b6:70:0f:a0:d5.
Are you sure you want to continue connecting (yes/no)? 

Type yes and you will then be presented with the password prompt.

Warning: Permanently added 'grace' (ECDSA) to the list of known hosts.
NetID@grace.hprc.tamu.edu's password:
Table 1: Hostname and credential info of HPRC clusters (NetID login)
Cluster Hostname Number of login nodes Credential (UserID / Password)
Terra terra.tamu.edu 3 (terra1 ~ terra3) NetID / NetID password
Grace grace.hprc.tamu.edu 5 (grace1 ~ grace5) NetID / NetID password
FASTER faster.hprc.tamu.edu 2 (faster1 ~ faster2) NetID / NetID password

Off-campus Access (TAMU)

For connecting to cluster login nodes from outside the campus, you need to activate Virtual Private Network (VPN) first, then initiate SSH connection to the cluster login nodes. You can find VPN installation instructions from TAMU ServiceNow Knowledge Base page on VPN.

WSL and Windows Users Attention: If the above off-campus access method does not work, the following options are available:

1. Download the Cisco AnyConnect client from the Microsoft Store. Credential entry will be identical to logging into other TAMU resources utilizing CAS authentication.

2. PowerShell: you will use syntax similar to when you use WSL. For example: To access Grace, you will use "ssh [NetID]@grace.hprc.tamu.edu"

3. Shell Access via the portal: you will access portal.hprc.tamu.edu and choose portal (Grace or Terra. On the top bar, choose "Clusters" then choose the "Shell Access" option.

Two-Factor Authentication Requirement (TAMU)

Starting October 1, 2018, the Division of Information Technology will require use of Duo NetID Two Factor Authentication on its Virtual Private Network (VPN) (connect.tamu.edu) service.

Duo provides a second layer of security to Texas A&M accounts.

If you are not already enrolled in Duo and plan to use VPN, you can enroll now at duo.tamu.edu. Enrolling is as easy as 1-2-3:

1. Choose your device and download the Duo Mobile app. (We strongly recommend the mobile app as the most user-friendly option.)

2. Start your enrollment at https://gateway.tamu.edu/duo-enroll/;

3. Remember: Once you sign up, you will need your Duo-enrolled device when you log in to most Texas A&M resources.

For more information, consult IT's knowledge base article for Duo: https://u.tamu.edu/KB0012105

Access via Portal

The TAMU HPRC OnDemand portal provides a variety of services which are accessible from the TAMU network or VPN. More information can be found here.

Detailed Access Information

For more in-depth information on accessing the TAMU HPRC clusters and guides for configuring your SSH client, see the Detailed Access page.

Ada-Specific Information

Login Nodes

There are a total of 8 Ada login nodes. Connecting to ada.tamu.edu will direct you to one of the 8 nodes based on a round-robin queue.

You can connect to a particular node by utilizing the node-specific names. For example, to connect to Ada login node 3:

[user1@localhost ~]$ ssh NetID@ada3.tamu.edu

Login nodes differ in hardware configuration. To see information on the Ada login node configurations, see the Ada Login Node Hardware section of the Ada Hardware Introduction page.

Fast-Transfer Nodes

Fast-transfer nodes are available to accelerate the transfer of large files to and from the Ada/Curie shared filesystem.

For information on the fast-transfer nodes, see the Ada Filesystems and Files page.

Login Error

If you see:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /Users/NetID/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/NetID/.ssh/known_hosts:6
RSA host key for ada.tamu.edu has changed and you have requested strict checking.
Host key verification failed.

Then see the fix below:

The problem rests in the known_hosts file on your local computer. This file contains identification of hosts (remote locations) you've visited with ssh. When the provided identification is different than the stored identification, you get this error. This is done to prevent man-in-the-middle attacks. This is not a MitM attack, the identification just changed during Ada maintenance.
If you are using Windows and MobaXterm, try typing the following:
  ssh-keygen -f "~/.ssh/known_hosts" -R ada.tamu.edu
You may need to use all the permutations of the ada hostname you use. For example, if your particular error said "ada5":
    ssh-keygen -f "~/.ssh/known_hosts" -R ada5.tamu.edu