Hprc banner tamu.png

HPRC:Access

From TAMU HPRC
Jump to: navigation, search

To connect to HPRC clusters, you must use SSH (Secure Shell). SSH is a client-server software that provides for secure (by encryption) logins and other communication between two hosts. SSH is freely available on the Internet for Linux/Unix and PC Windows (in the guise of MobaXterm).

To initiate SSH connection to target cluster's login node, find the hostname and credential (userID/password) info from Table 1 below. For example, if you are connecting to Ada cluster from a terminal enter:

[user1@localhost ~]$ ssh [NetID]@ada.tamu.edu

where the ada.tamu.edu address is a DNS round-robin alias for ada[1-8].tamu.edu. You will be prompted for your password in order to establish authentication. Once you login into one of the login nodes, the shell's prompt will be [NetID].ada[1-8].

If, however, you are connecting for the very first time, you will see a message similar to the following before arriving at the password prompt:

The authenticity of host 'ada (165.91.16.18)' can't be established.
ECDSA key fingerprint is SHA256:SfQPtDJW30sj4kG2c4KGFw7LcEduSOFeXGIlsf4WhEA.
ECDSA key fingerprint is MD5:9c:ea:ba:22:0f:6f:1e:b9:0c:21:d4:b6:70:0f:a0:d5.
Are you sure you want to continue connecting (yes/no)? 

Type yes and you will then be presented with the password prompt.

Warning: Permanently added 'ada' (ECDSA) to the list of known hosts.
NetID@ada.tamu.edu's password:
Table 1: Hostname and credential info of HPRC clusters
Cluster Hostname Number of login nodes Credential (UserID / Password)
Ada ada.tamu.edu 8 (ada1 ~ ada8) NetID / NetID password
Curie curie.tamu.edu 2 (curie1 ~ curie2) NetID / NetID password
Terra terra.tamu.edu 3 (terra1 ~ terra3) NetID / NetID password

Off-campus Access

For connecting to cluster login nodes from outside the campus, you need to activate Virtual Private Network (VPN) first, then initiate SSH connection to the cluster login nodes. You can find VPN installation instruction from TAMU ServiceNow Knowledge Base page on VPN.

Two-Factor Authentication Requirement

Starting October 1, 2018, the Division of Information Technology will require use of Duo NetID Two Factor Authentication on its Virtual Private Network (VPN) (connect.tamu.edu) service.

Duo provides a second layer of security to Texas A&M accounts.


If you are not already enrolled in Duo and plan to use VPN, you can enroll now at duo.tamu.edu.Enrolling is as easy as 1-2-3:

1. Choose your device and download the Duo Mobile app. (We strongly recommend the mobile app as the most user-friendly option.)

2. Start your enrollment at https://gateway.tamu.edu/duo-enroll/;

3. Remember: Once you sign up, you will need your Duo-enrolled device when you log in to most Texas A&M resources.

Access from Windows

Using MobaXterm (Recommended)

MobaXterm is an enhanced terminal for Windows with a built-in X11 server, tabbed SSH client, built-in file editor, SFTP functionality, and other useful features. It is available from: http://mobaxterm.mobatek.net/download.html

You will need to choose which license (free Home edition, or professional) and then select the Portable or Installer edition. The Installer edition works best on your personal machine, when you have the privileges to install software. The portable version may be necessary when using a lab workstation, for example. (Be sure to check if MobaXterm is already installed in the Windows Start menu.)

Local Terminal

  1. Open MobaXterm and start a local terminal:
  2. Moba Start-local.png
  3. From the local terminal, connect to the cluster using SSH:
  4. Moba from-local.png

If you encounter a permission error like this:

MobaXterm permission error message

see the special instructions here.

SSH Session

  1. Open MobaXterm and open the Session settings:
  2. Session.png
  3. Enter the hostname in the "Remote Host" field, check the box for "Specify username" and enter the proper username for the cluster you are connecting to, ada.tamu.edu in this case:
    Moba ssh.png
  4. Once you click OK you will be prompted to enter your password. Enter the proper password for the cluster you are connecting to.

Using PuTTY

PuTTY is a full-featured, SSH v1.x, v2.x compliant client for Windows. You can get PuTTY as well as PSCP (a tool for encrypted remote file transfer) at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

  1. After installing PuTTY, open PuTTY to get a window similar to the following:
  2. PuTTY main window
  3. Enter the host name of the remote machine you want to connect to, ada.tamu.edu in this case. The settings we are configuring for this connection can be saved as a session profile by PuTTY if we give this session a name and click on the "Save" button on this initial window. We have called this session "ada", but we will not yet save the profile since we still need to modify other parameters before we are ready to establish the connection.
  4. Make sure the SSH parameters are correct. Click on SSH in the category tree (this is found under the "Connection" branch). Verify that the preferred SSH protocol version is "2 only" and the preferred encryption algorithm is AES.
  5. PuTTY encryption window
  6. Next, go to the "Auth" portion of the GUI and make sure that the settings are configured as follows:
  7. PuTTY authentication window
  8. Next, in the "Tunnels" window, enable X11 forwarding:
  9. PuTTY tunnels window
  10. Since now we have configured all the parameters as we want them, we can go back to the sessions window and click on the "Save" button to save these settings under the session name of "ada".
  11. PuTTY main window with save
  12. To establish a connection to the cluster, we can now simply highlight the session and click on "Open."
  13. Finally, you should be presented with a window with a command line interface and will be asked to supply your login name and password:
  14. PuTTY login window
  15. Enter the proper credentials for the cluster you are connecting to.

NOTE: If this is the first time you are attempting to connect to the remote machine, PuTTY will warn you that it doesn't know the machine's public key and give you the option of continuing or not. Just click on "Yes". Once this is done, you won't see this message again for this machine unless the public key on the remote machine changes for some reason.

Remote Display of Programs with Graphical Interfaces

MobaXterm has a built-in X11 server, no extra software is needed to display programs with graphical interfaces if you are using MobaXterm. If you are using PuTTY, you will need an X server like Xming.

Xming is an X Server for Microsoft Windows. Although the latest version requires a contribution (approximately $20 USD) there is also an older (free) Public Domain Release (version 6.9.0.31) which can be found at: http://www.straightrunning.com/XmingNotes/

  1. After installing Xming (or Xming-mesa if you need OpenGL support), start Xming using the installed shortcut.
  2. Make sure your desired PuTTY session is configured with X11 forwarding as described above.
  3. Login to the desired cluster via PuTTY.
  4. Start an xterm window with the following command:
  5. xterm
    If a new xterm terminal window for the remote system pops up, then X11 forwarding is working correctly.

File Transfer from Windows

WinSCP

WinSCP is a graphical SCP, "point and click" encrypted remote file transfer client for Windows. It is built on top of a portion of the PuTTY source code. It can be downloaded from: https://winscp.net/download/winscp577setup.exe. After downloading, double-click on the icon to begin the installation. Follow all the steps (it is a typical windows install wizard) and choose the "typical" install option when prompted. It should only take a few seconds to install the package. When done, a WinSCP icon should appear on the Desktop.

  1. Double-click the WinSCP icon to start WinSCP. The following window should appear.
  2. WinSCP Session

    Type in the name of the system to which you seek to establish a connection as well as your username and account password for that remote machine. The port number field should contain "22" and the protocol should be set to "SFTP". Next, select the SSH branch from the options tree in the left portion of the window.


  3. In the SSH portion of the GUI, AES encryption should be moved to the top by highlighting it and pressing the "Up" button until it is at the top of the selection policy.
  4. WinSCP ssh


  5. You can now save the settings you just adjusted by going back to the "Session" branch and clicking the "Save" button to get the following dialogue box: </li
    WinSCP Save
  6. After this is done, go back to the SSH branch and click the "login" button at the bottom of the window. If this is the first time you have accessed this particular remote machine through WinSCP, you will see the following message:
  7. WinSCP Hostkey
  8. Click "Yes" to proceed. You will then see the following window:
  9. WinSCP Main

    To move to the desired directories, use the navigation bars at the top. The local system is on the left and the remote system on the right. The toolbar at the bottom of the window contains function keys for performing copies, deletes, etc.

  10. Let's say you wanted to copy the file "sc08 template.ppt" from the local computer (left window) to the remote computer (right window). Click on the file "sc08 template.ppt" and hit the space bar to select the file "sc08 template.ppt".
  11. Now, either press the F5 key or click the icon for "Copy" at the bottom of the window. You will be prompted for a confirmation:
  12. WinSCP Copy
  13. Finally, a transfer progress window will appear:
  14. WinSCP Transfer

Depending on the size of the file(s) and the speed of your network connection, this could take a anywhere from a few seconds to several minutes. Many users at TAMU HPRC have very large files. Don't be surprised if a 2GB file takes tens of minutes to complete. When you are ready to disconnect from the remote system, press F10 or just exit from the program.

Access from MacOS

Using the Terminal Program

Find the Terminal program under Applications->Utilities.

On your Mac click the Finder Finder.png icon to start finder:

  1. Select Applications App-icon.jpg
  2. Double click the Utilities folder
  3. Double click the Terminal utility Term-icon.jpg
  4. A Terminal window will now appear.
  5. Connect to the cluster using SSH.

Remote Display of Programs with Graphical Interfaces

The recommended X-Windows emulator for Mac OS X is XQuartz, which is available for free from the XQuartz Project.

  1. After XQuartz is installed on your system, start XQuartz.
  2. An xterm window should appear on your screen.
  3. Login to the desired cluster (example: ada.tamu.edu).
    ssh -X netID@ada.tamu.edu
    The -X option tells SSH to allow programs to forward and display their graphical interfaces. This is known as X11 forwarding.
  4. To verify that X11 forwarding is working, type the following command:
    xterm
    If a new xterm terminal window for the remote system pops up, then X11 forwarding is working correctly.

Access from Linux/Unix

OpenSSH is an SSH v1.x and v2.x compliant SSH package that is available for many Linux and Unix operating systems and is " ...freely usable and re-usable by everyone under a BSD license... ". OpenSSH also includes secure copy (scp), which may be used instead of ftp. It is available from: ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/.

Using the Terminal

If you are using a UNIX based system (IRIX, Linux, SunOS, etc), open a terminal window and connect to the cluster using SSH.

Remote Display of Programs with Graphical Interfaces

Typically, if you use a graphical login screen to login a Linux or Unix system, then the system is already running a X11 server. You will need to login with SSH to the cluster in a slightly different manner:

ssh -X NetID@ada.tamu.edu

The -X option tells SSH to allow programs to forward and display their graphical interfaces. This is known as X11 forwarding. To verify that X11 forwarding is working, type the following command:

xterm

If a new xterm terminal window for the remote system pops up, then X11 forwarding is working correctly.