HPC/Network Access: Difference between revisions
(migrated from internal wiki) |
m (→Using the ssh gateway: added PuTTY) |
||
Line 31: | Line 31: | ||
[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]] | [[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]] | ||
* [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| | * SSH Tunnel Setup – read this first. | ||
** [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux and MacOS]] | |||
** [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]] | |||
* [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS GUI Applications for SSH]] | * [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS GUI Applications for SSH]] | ||
* [[HPC/Network Access/Windows Applications for SSH|Windows Applications for SSH]] | * [[HPC/Network Access/Windows Applications for SSH|Windows Applications for SSH]] |
Revision as of 18:40, November 14, 2008
From workstations within Argonne networks, the HPC cluster and a number of other computers are accessible directly. For access originating from outside Argonne networks, which includes machines at the APS, one of the following mechanisms must be used:
- Argonne VPN
- ssh gateway
For either mechanism, we use the Argonne kerberos domain login and password for authentication. Access to the Argonne VPN requires an Argonne affiliation. If VPN access cannot be granted, the ssh gateway is available. For accessing a few specific resources on the intranet, advanced users may well prefer SSH over VPN. This document focuses on the use of the ssh gateway.
Cluster login nodes
Our HPC cluster Carbon is accessed via its login nodes which share the following name:
clogin.cnm.anl.gov
These nodes are accessible directly only from within Argonne networks, through the Argonne VPN, and from the CNM ssh gateway. The following section gives detailed information on setup and use of the gateway, and applies for most other CNM machines as well.
Using the ssh gateway
The CNM maintains a machine that acts as gateway from the open internet to machines on the CNM intranet. The machine's name is:
mega.cnm.anl.gov
Note that you will not have a home directory on this machine – it is neither strictly required nor needed for the tunneling functionality. We only allow password authentication, i.e., you will always have to type in your domain password to establish a tunnel. To use the tunnel for interactive operations and file transfer on the end systems, ssh public keys are normally permissible and must be placed at the end machines.
- SSH Tunnel Setup – read this first.
- MacOS GUI Applications for SSH
- Windows Applications for SSH
Additional information:
CNM workstations on the APS network
For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets. Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used. To do this, use the kdestroy(8) command or, on Mac OS X, /System/Library/CoreServices/Kerberos.app . (Credit: Anthony Avarca)
Password Policies
The methods described above will grant you, the holder of your Argonne domain password and private ssh key, access to your account on Carbon. As with any Argonne computer system, the following rules apply:
- Keep passphrases and passwords private – do not share them with anyone, including administrators that you know or don't know.
- Keep your private key file private - do not share it with anyone.
- Use a strong passphrase following DOE password regulations.
--stern February 14, 2008 (CST)