Hprc banner tamu.png

HPRC:Access

From TAMU HPRC
Jump to: navigation, search

To connect to HPRC clusters, you must use SSH (Secure Shell). SSH is a client-server software that provides for secure (by encryption) logins and other communication between two hosts. SSH is freely available on the Internet for Linux/Unix and PC Windows (in the guise of MobaXterm).

To initiate SSH connection to target cluster's login node, find the hostname and credential (userID/password) info from Table 1 below. For example, if you are connecting to Ada cluster from a terminal enter:

[user1@localhost ~]$ ssh NetID@ada.tamu.edu

where the ada.tamu.edu address is a DNS round-robin alias for ada[1-8].tamu.edu. You will be prompted for your password in order to establish authentication. Once you login into one of the login nodes, the shell's prompt will be [NetID].ada[1-8].

If, however, you are connecting for the very first time, you will see a message similar to the following before arriving at the password prompt:

The authenticity of host 'ada (165.91.16.18)' can't be established.
ECDSA key fingerprint is SHA256:SfQPtDJW30sj4kG2c4KGFw7LcEduSOFeXGIlsf4WhEA.
ECDSA key fingerprint is MD5:9c:ea:ba:22:0f:6f:1e:b9:0c:21:d4:b6:70:0f:a0:d5.
Are you sure you want to continue connecting (yes/no)? 

Type yes and you will then be presented with the password prompt.

Warning: Permanently added 'ada' (ECDSA) to the list of known hosts.
NetID@ada.tamu.edu's password:
Table 1: Hostname and credential info of HPRC clusters
Cluster Hostname Number of login nodes Credential (UserID / Password)
Ada ada.tamu.edu 8 (ada1 ~ ada8) NetID / NetID password
Curie curie.tamu.edu 2 (curie1 ~ curie2) NetID / NetID password
Terra terra.tamu.edu 3 (terra1 ~ terra3) NetID / NetID password

Off-campus Access

For connecting to cluster login nodes from outside the campus, you need to activate Virtual Private Network (VPN) first, then initiate SSH connection to the cluster login nodes. You can find VPN installation instruction from TAMU ServiceNow Knowledge Base page on VPN.

Two-Factor Authentication Requirement

Starting October 1, 2018, the Division of Information Technology will require use of Duo NetID Two Factor Authentication on its Virtual Private Network (VPN) (connect.tamu.edu) service.

Duo provides a second layer of security to Texas A&M accounts.


If you are not already enrolled in Duo and plan to use VPN, you can enroll now at duo.tamu.edu. Enrolling is as easy as 1-2-3:

1. Choose your device and download the Duo Mobile app. (We strongly recommend the mobile app as the most user-friendly option.)

2. Start your enrollment at https://gateway.tamu.edu/duo-enroll/;

3. Remember: Once you sign up, you will need your Duo-enrolled device when you log in to most Texas A&M resources.

For more information, consult IT's knowledge base article for Duo: https://u.tamu.edu/KB0012105

Access from Windows

Using MobaXterm (Recommended)

MobaXterm is an enhanced terminal for Windows with a built-in X11 server, tabbed SSH client, built-in file editor, SFTP functionality, and other useful features. You may download MobaXterm from: http://mobaxterm.mobatek.net/download.html

You will need to choose which license (free Home edition, or professional) and then select the Portable or Installer edition. The Installer edition works best on your personal machine, when you have the privileges to install software. The portable version may be necessary when using a lab workstation, for example. (Be sure to check if MobaXterm is already installed in the Windows Start menu.)


Configuration

You may create saved sessions for connecting to ada.tamu.edu or other HPRC clusters, for your convenience. See http://mobaxterm.mobatek.net/documentation.html#1_2 for instructions. For example:

MobaXterm SSH


IMPORTANT: When asked if you would like to save your password, choose "No" to avoid potential security exploits.

MobaXterm save password


Two factor authentication

1. On the top left corner of MobaXterm window, click 'Session' button.
Moba-0.png

2. You will be prompted with a window which asks for your session settings.

3. Enter the 'Remote Host' (e.g. ada.tamu.edu, terra.tamu.edu, etc.) you would like to connect to.

4. Select 'Specify', then enter your username (your NetID).

5. Enter the 'Port Number' 22 (the default should be 22).
Moba-1.png

6. Press enter.

7. You will be prompt to authentication with Duo (either using mobile app, text message or call).

8. If you wish to open the session again, open the 'Session' tab on the left side of the screen and double-click the appropriate session to launch.
Moba-2.png



File Transfer

1. On the top left corner of MobaXterm window, click Session button.

2. Choose 'SFTP' session type.

3. Enter remote host (e.g. ada.tamu.edu, terra.tamu.edu, etc.) and username (your netID).

4. Go to 'Advanced Sftp settings' and check '2-steps authentication' checkbox.

5. After you select 'Ok', you will be prompted with Duo Authentication method (Push, Call, Text, Second device, etc). Select the appropriate option. Do not type your TAMU password.

Example Duo Authentication methods (You won't see this, it is just to remind you of the format of Duo Authentication options)

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-1234
 2. Duo Push to iOS
 3. Phone call to XXX-XXX-1234

Your Duo settings will be different



File Transfers

On the left-hand side of the MobaXterm window, different tabs are available. The labels are written vertically. Choosing the "Sftp" tab will display a file tree of the remote machine to which you are connected, such as:

MobaXterm file explore


You may choose files to edit with the built-in editor. You may also transfer files from your Windows machine to the remote cluster, and vice versa. Just drag a local file (from a Windows File Explorer window or similar program) to the SFTP file tree on the left side of the MobaXterm window.


Remote Display of Programs with Graphical Interfaces

By default, MobaXterm connections have X11 forwarding available. So, when you connect to ada.tamu.edu or other machine, you should be able to run an X-Windows program by simply typing the command. That will open the program in a new window behind the MobaXterm main window.


Running MobaXterm on Open Access Lab workstations

Verify MobaXterm is installed

After logging in to Open Access Labs (OAL) workstation, click on the magnifying glass to search for an installed program. As you start typing "MobaXterm", matching programs will be displayed on the left-hand side of the screen, above the search field.

find MobaXterm on Open Access Lab workstation

Once you have started MobaXterm, click "Start local terminal" (as pictured above in Local Terminal section). You may encounter an error such as the following:

MobaXterm permission error message

To solve this problem, you will need to change the location of the virtual "root" and "home" directories. At the top of the MobaXterm window in the row of buttons, click "Settings" (the second to last on the right-hand side):

MobaXterm settings button

A settings dialog will open. By default, the virtual root and home directories will be set to "_MyDocuments_\MobaXterm\" which lacks proper write permissions for the OAL workstations:

MobaXterm default root and home

Change both of these by clicking on the current values (with the little yellow folder on the right-hand side). Scroll up to find the "Temp" folder, which is under the "C:" drive:

MobaXterm choose C:\Temp

Once both have been changed, they should look like this:

MobaXterm root and home set to C:\Temp

Once you click "OK", MobaXterm will need to restart to commit these changes:

MobaXterm restart



Installing on Temp Drive of Open Access Lab workstation

Special Instructions

Note: This only applies to an unusual circumstance. In most cases, MobaXterm will already be installed on the OAL workstations. You will not need to do this on your personal computer or any computer for which you have privileges to install the software.

If MobaXterm is not installed on an Open Access Lab workstation, download the portable version and copy the programs to a folder in the C:\Temp folder, i.e., C:\Temp\Moba (you will need to create this folder first). From that folder, run the program MobaXterm_Portable_version.exe to start MobaXterm. Select "Settings" in the top menu and choose "global settings". In the "General" tab of the settings window, specify C:\Temp as the Persistent home directory and Persistent root (/) directory:

MobaXterm choose C:\Temp

Once you have completed this, you should be able to run the portable version from your home drive without error.

File Transfer from Windows

WinSCP

WinSCP is a graphical SCP, "point and click" encrypted remote file transfer client for Windows. It is built on top of a portion of the PuTTY source code. It can be downloaded from: https://winscp.net/download/winscp577setup.exe. After downloading, double-click on the icon to begin the installation. Follow all the steps (it is a typical windows install wizard) and choose the "typical" install option when prompted. It should only take a few seconds to install the package. When done, a WinSCP icon should appear on the Desktop.

  1. Double-click the WinSCP icon to start WinSCP. The following window should appear.
  2. WinSCP Session

    Type in the name of the system to which you seek to establish a connection as well as your username and account password for that remote machine. The port number field should contain "22" and the protocol should be set to "SFTP". Next, select the SSH branch from the options tree in the left portion of the window.


  3. In the SSH portion of the GUI, AES encryption should be moved to the top by highlighting it and pressing the "Up" button until it is at the top of the selection policy.
  4. WinSCP ssh


  5. You can now save the settings you just adjusted by going back to the "Session" branch and clicking the "Save" button to get the following dialogue box: </li
    WinSCP Save
  6. After this is done, go back to the SSH branch and click the "login" button at the bottom of the window. If this is the first time you have accessed this particular remote machine through WinSCP, you will see the following message:
  7. WinSCP Hostkey
  8. Click "Yes" to proceed. You will then see the following window:
  9. WinSCP Main

    To move to the desired directories, use the navigation bars at the top. The local system is on the left and the remote system on the right. The toolbar at the bottom of the window contains function keys for performing copies, deletes, etc.

  10. Let's say you wanted to copy the file "sc08 template.ppt" from the local computer (left window) to the remote computer (right window). Click on the file "sc08 template.ppt" and hit the space bar to select the file "sc08 template.ppt".
  11. Now, either press the F5 key or click the icon for "Copy" at the bottom of the window. You will be prompted for a confirmation:
  12. WinSCP Copy
  13. Finally, a transfer progress window will appear:
  14. WinSCP Transfer

Depending on the size of the file(s) and the speed of your network connection, this could take a anywhere from a few seconds to several minutes. Many users at TAMU HPRC have very large files. Don't be surprised if a 2GB file takes tens of minutes to complete. When you are ready to disconnect from the remote system, press F10 or just exit from the program.


MobaXterm

On the left-hand side of the MobaXterm window, different tabs are available. The labels are written vertically. Choosing the "Sftp" tab will display a file tree of the remote machine to which you are connected, such as:

MobaXterm file explore


You may choose files to edit with the built-in editor. You may also transfer files from your Windows machine to the remote cluster, and vice versa. Just drag a local file (from a Windows File Explorer window or similar program) to the SFTP file tree on the left side of the MobaXterm window.

Access from MacOS

Using the Terminal Program

Find the Terminal program under Applications->Utilities.

On your Mac click the Finder Finder.png icon to start finder:

  1. Select Applications App-icon.jpg
  2. Double click the Utilities folder
  3. Double click the Terminal utility Term-icon.jpg
  4. A Terminal window will now appear.
  5. Connect to the cluster using SSH.

Remote Display of Programs with Graphical Interfaces

The recommended X-Windows emulator for Mac OS X is XQuartz, which is available for free from the XQuartz Project.

  1. After XQuartz is installed on your system, start XQuartz.
  2. An xterm window should appear on your screen.
  3. Login to the desired cluster (example: ada.tamu.edu).
    ssh -X netID@ada.tamu.edu
    The -X option tells SSH to allow programs to forward and display their graphical interfaces. This is known as X11 forwarding.
  4. To verify that X11 forwarding is working, type the following command:
    xterm
    If a new xterm terminal window for the remote system pops up, then X11 forwarding is working correctly.

Access from Linux/Unix

OpenSSH is an SSH v1.x and v2.x compliant SSH package that is available for many Linux and Unix operating systems and is " ...freely usable and re-usable by everyone under a BSD license... ". OpenSSH also includes secure copy (scp), which may be used instead of ftp. It is available from: ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/.

Using the Terminal

If you are using a UNIX based system (IRIX, Linux, SunOS, etc), open a terminal window and connect to the cluster using SSH.

Remote Display of Programs with Graphical Interfaces

Typically, if you use a graphical login screen to login a Linux or Unix system, then the system is already running a X11 server. You will need to login with SSH to the cluster in a slightly different manner:

ssh -X NetID@ada.tamu.edu

The -X option tells SSH to allow programs to forward and display their graphical interfaces. This is known as X11 forwarding. To verify that X11 forwarding is working, type the following command:

xterm

If a new xterm terminal window for the remote system pops up, then X11 forwarding is working correctly.