HPC/Network Access: Difference between revisions

From CNM Wiki
< HPC
Jump to navigation Jump to search
Line 31: Line 31:


[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]]
[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]]
* SSH Tunnel Setup – read this first.
; Tunnel Setup – read this first:
** [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux and MacOS]]
* [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux and MacOS]]
** [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]]
* [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]]
* [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS GUI Applications for SSH]]
; SSH GUI Applications:
* [[HPC/Network Access/Windows Applications for SSH|Windows Applications for SSH]]
* [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS]]
* [[HPC/Network Access/Windows Applications for SSH| Windows]]


Additional information:
Additional information:

Revision as of 18:43, November 14, 2008

From workstations within Argonne networks, the HPC cluster and a number of other computers are accessible directly. For access originating from outside Argonne networks, which includes machines at the APS, one of the following mechanisms must be used:

For either mechanism, we use the Argonne kerberos domain login and password for authentication. Access to the Argonne VPN requires an Argonne affiliation. If VPN access cannot be granted, the ssh gateway is available. For accessing a few specific resources on the intranet, advanced users may well prefer SSH over VPN. This document focuses on the use of the ssh gateway.

Cluster login nodes

Our HPC cluster Carbon is accessed via its login nodes which share the following name:

 clogin.cnm.anl.gov

These nodes are accessible directly only from within Argonne networks, through the Argonne VPN, and from the CNM ssh gateway. The following section gives detailed information on setup and use of the gateway, and applies for most other CNM machines as well.

Using the ssh gateway

The CNM maintains a machine that acts as gateway from the open internet to machines on the CNM intranet. The machine's name is:

 mega.cnm.anl.gov

Note that you will not have a home directory on this machine – it is neither strictly required nor needed for the tunneling functionality. We only allow password authentication, i.e., you will always have to type in your domain password to establish a tunnel. To use the tunnel for interactive operations and file transfer on the end systems, ssh public keys are normally permissible and must be placed at the end machines.

Using Carbon - II Remote Access - Title.png
Tunnel Setup – read this first
SSH GUI Applications

Additional information:

CNM workstations on the APS network

For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets. Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used. To do this, use the kdestroy(8) command or, on Mac OS X, /System/Library/CoreServices/Kerberos.app . (Credit: Anthony Avarca)

Password Policies

The methods described above will grant you, the holder of your Argonne domain password and private ssh key, access to your account on Carbon. As with any Argonne computer system, the following rules apply:

  • Keep passphrases and passwords private – do not share them with anyone, including administrators that you know or don't know.
  • Keep your private key file private - do not share it with anyone.
  • Use a strong passphrase following DOE password regulations.

--stern February 14, 2008 (CST)