Logging in to the HPCs

To log on to the NeSI HPCs, you must:

  1. Have terminal software (see Prerequisites) on your PC.
  2. Have a NeSI Account. (If you don't have one, please create an account.)
  3. Be a member of a current NeSI research project on the platform you wish to log on to. If you are not a member of a NeSI project team, you can ask to join an existing project team or apply for a new NeSI Project.

Basic logon procedure for testing

First, connect to NeSI’s lander node by typing:

ssh -Y <username>@lander02.nesi.org.nz

inside your terminal program, where <username> is your NeSI account username. You will see the following prompt:

First Factor:

Enter your password, after which you will see:

Second Factor (optional):

Enter the 6-digit code from Google Authenticator (these rotate every 30 seconds and can only be used once). 

You have now logged onto the lander node.

Next, to see your files, compile code, submit jobs to the scheduler and access your data, you will need to connect to one of the Māui or Mahuika login nodes.

For Mahuika:

ssh -Y login.mahuika.nesi.org.nz

You will be prompted for your two authentication factors again. Unlike when logging on to the lander node, the second factor at this step is in fact optional. We recommend that, instead of entering a second factor, you just press Enter to continue. However, if you do choose to enter a second factor token, you can't use the same six-digit code that you just used to log in to the lander node; instead, you must wait until Google Authenticator has refreshed the second factor token.

For Māui:

ssh -Y login.maui.nesi.org.nz

You will need to log in to Māui using your password and the second factor from Google Authenticator, e.g. if your first factor (password) is "MySecret1Password" and the current second factor is "123456", then you will enter MySecret1Password123456. Note that you can't use the same six-digit code that you just used to log in to the lander node; instead, you must wait until Google Authenticator has refreshed the second factor token.

We plan to change this so that the second factor will not be required for this step in the future.

Recommended logon procedure

The login process can be simplified to just a single ssh command, jumping across the lander node on the way to either the Māui or Mahuika login nodes.  This is more convenient for login, and practically essential for using X11 GUI programs or transferring data over the ssh connection.  The authentication factors you will be required to enter are the same as described above.

From Microsoft Windows via MobaXTerm

You must first enable use of two-factor authentication. First, open the MobaXTerm settings dialog (in the button bar at the top of the MobaXTerm window).

Then, go to the SSH tab.

Enable the option "Use 2-factor authentication for SSH gateways". (You can also enable SSH keepalive here to stop inactive sessions closing.)

Click OK to exit the Settings dialog, and quit and restart MobaXTerm before continuing.

To set up a specific connection to Mahuika, create a new SSH session. Set the following options:

  • In "Basic SSH settings", set the remote host to login.mahuika.nesi.org.nz, enable the "Specify username" option and put your NeSI username in the corresponding box
  • In "Advanced SSH settings", set SSH-browser type to any option other than SFTP, for example SCP (enhanced speed). If you select None, note that you will need to set up a different client (such as WinSCP) for copying files.

  • In the “Network settings” tab:
    • Enable "Connect through SSH gateway (jump host)"
    • Enter lander02.nesi.org.nz in the “Gateway SSH server” field, as well as your NeSI username in the User field for the gateway SSH server.


WARNING: There is currently a bug with MobaXterm and our systems which causes some MobaXterm users to be initially prompted with "password:" several times before being prompted for their first and second factor, and then to fail to connect to the platforms. This can currently be resolved by pressing "Enter" each time you are initially prompted for "password:", then logging in as normal once you are prompted for your first factor.

From a Linux or MacOSX terminal

Run mkdir -p ~/.ssh/sockets and add the following lines to ~/.ssh/config on your machine (replacing <username> with your username):

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/ssh_mux_%h_%p_%r
    ControlPersist 1

Host mahuika
   User <username>
   Hostname login.mahuika.nesi.org.nz
   ProxyCommand ssh -W %h:%p lander
   ForwardX11 yes
   ForwardX11Trusted yes
   ServerAliveInterval 300
   ServerAliveCountMax 2

Host maui
   User <username>
   Hostname login.maui.nesi.org.nz
   ProxyCommand ssh -W %h:%p lander
   ForwardX11 yes
   ForwardX11Trusted yes
   ServerAliveInterval 300
   ServerAliveCountMax 2

Host lander
   User <username>
   HostName lander02.nesi.org.nz
   ForwardX11 yes
   ForwardX11Trusted yes
   ServerAliveInterval 300
   ServerAliveCountMax 2

Note: after creating the file ~/.ssh/config you should ensure the permissions are correct using chmod 600 ~/.ssh/config.

This will allow you to run the command ssh mahuika (ssh maui), which brings you straight to Mahuika (Māui). With the Control directives, you will no longer have to retype your password for subsequent ssh or scp commands (recommended for data transfer). The ForwardX11 directives will enable X11 forwarding. The ServerAlive directives will stop the connection from hanging when you don’t type anything for some time.
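A ControlMaster socket lets any process that can open it start new sessions over the already authenticated connection without entering either factor, so the socket directory deserves the same owner-only permissions as the config file. The following is an added example, not NeSI's own script; the function names are hypothetical and the paths default to the ~/.ssh layout used above.

```shell
#!/bin/sh
# Added example (not NeSI's own script). Paths default to ~/.ssh, matching the
# ControlPath and config file used above. Usage: harden_ssh_dir && audit_ssh_dir

# Print the octal permission bits of a path (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the socket directory and restrict it, its parent and the config file
# to the owner. $1 = SSH directory (optional).
harden_ssh_dir() {
    dir="${1:-$HOME/.ssh}"
    mkdir -p "$dir/sockets" || return 1
    chmod 700 "$dir" "$dir/sockets" || return 1
    if [ -f "$dir/config" ]; then
        chmod 600 "$dir/config" || return 1
    fi
    return 0
}

# Report each path as OK, WEAK (group/other bits set) or MISSING.
# Returns non-zero if anything needs attention.
audit_ssh_dir() {
    dir="${1:-$HOME/.ssh}"
    rc=0
    for path in "$dir" "$dir/sockets" "$dir/config"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        have="$(mode_of "$path")"
        case "$have" in
            0|*00) echo "OK      $path (mode $have)" ;;
            *)     echo "WEAK    $path (mode $have)"; rc=1 ;;
        esac
    done
    return "$rc"
}
```

Run audit_ssh_dir again after editing ~/.ssh/config, since some editors recreate the file with default permissions.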

From the NIWA Network or VPN

If your local machine is inside the NIWA network then you can connect directly to one of the Māui or Mahuika login nodes without involving the lander node.

For Mahuika:

ssh -Y login.mahuika.nesi.org.nz

For Māui:

ssh -Y login.maui.nesi.org.nz

The authentication factors then required are the same as described above, without the lander step.
