HPC/Network Access: Difference between revisions
m (→Using the ssh gateway: def. list) |
m (category) |
||
Line 57: | Line 57: | ||
--[[User:Stern|stern]] February 14, 2008 (CST) | --[[User:Stern|stern]] February 14, 2008 (CST) | ||
[[Category:HPC]] |
Revision as of 15:54, April 8, 2009
From workstations within Argonne networks, the HPC cluster and a number of other computers are accessible directly. For access originating from outside Argonne networks, which includes machines at the APS, one of the following mechanisms must be used:
- Argonne VPN
- ssh gateway
For either mechanism, we use the Argonne kerberos domain login and password for authentication. Access to the Argonne VPN requires an Argonne affiliation. If VPN access cannot be granted, the ssh gateway is available. For accessing a few specific resources on the intranet, advanced users may well prefer SSH over VPN. This document focuses on the use of the ssh gateway.
Cluster login nodes
Our HPC cluster Carbon is accessed via its login nodes which share the following name:
clogin.cnm.anl.gov
These nodes are accessible directly only from within Argonne networks, through the Argonne VPN, and from the CNM ssh gateway. The following section gives detailed information on setup and use of the gateway, and applies for most other CNM machines as well.
Using the ssh gateway
The CNM maintains a machine that acts as gateway from the open internet to machines on the CNM intranet. The machine's name is:
mega.cnm.anl.gov
Note that you will not have a home directory on this machine – it is neither strictly required nor needed for the tunneling functionality. We only allow password authentication, i.e., you will always have to type in your domain password to establish a tunnel. To use the tunnel for interactive operations and file transfer on the end systems, ssh public keys are normally permissible and must be placed at the end machines.
- Tunnel Setup – read this first
- SSH GUI Applications
Additional information:
CNM workstations on the APS network
For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets. Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used. To do this, use the kdestroy(8) command or, on Mac OS X, /System/Library/CoreServices/Kerberos.app . (Credit: Anthony Avarca)
Password Policies
The methods described above will grant you, the holder of your Argonne domain password and private ssh key, access to your account on Carbon. As with any Argonne computer system, the following rules apply:
- Keep passphrases and passwords private – do not share them with anyone, including administrators that you know or don't know.
- Keep your private key file private - do not share it with anyone.
- Use a strong passphrase following DOE password regulations.
--stern February 14, 2008 (CST)