Connecting to HPC3 via ssh
IMPORTANT: You must either be on the campus network or connected to the UCI campus VPN to access HPC3.
1. Terminal
To use ssh, you need to use one of Terminal applications and depending on a user laptop they can be:
| Linux |
use your favorite Terminal application |
| Mac |
Terminal or iTerm2 |
| Windows | |
| Windows 10 |
Windows Terminal, Linux Subsystem for Windows or MobaXterm |
IMPORTANT: MobaXterm users DO NOT enable Remote monitoring! This is an experimental feature of MobaXterm that runs unnecessary multiple processes on login node under your account. These processes add to the overall load on the cluster. None of the information they collect you can use for your work on the cluster. Do check the lower portion of your mobaxterm window to verify that your monitoring is disablewd. See figures below for a reference:
2. SSH
2.1. Connect
SSH is the only way to directly log in to HPC3 for interactive use. Use your UCINetID and associated password to connect to an HPC3 login node (which are several load-balanced, systems) hpc3.rcic.uci.edu.
Your login name can be specified as ether user@hostname or given with the -l option, for example a user with UCINetID panteater can use:
ssh panteater@hpc3.rcic.uci.edu or ssh hpc3.rcic.uci.edu -l panteater
| It is a requirement per our Acceptable Use Policy that your ssh-keys have a non-empty passphrase. Use ssh-agent (macOS/Linux) or PuTTYgen (Windows) as a convenient way for you to not keep re-entering your passphrase. For more information about SSH passphrases see SSH Academy. |
| Once you have logged in on the cluster, there is no ssh connection to the compute nodes. See SLURM tutorial which explains how to use slurm commands to achieve the same. |
2.2. Multifactor Authentication (Duo)
After the June 15, 2022 maintenance, HPC2/HPC3 will require multifactor authentication using UCI’s Duo infrastructure for all password-based logins. When DUO is active, you will be prompted to enter a code (backup or generated by your DUO device) or request a push to your enrolled DUO-enabled device. A prompt looks similar to
ssh panteater@hpc3.rcic.uci.edu Password: Duo two-factor login for panteater Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-1212 Passcode or option (1-1): 1 Success. Logging you in... Last login: ....
2.3. SSH Keys (and Duo)
The design/implementation of the DUO-supplied PAM module makes it possible to use an SSH-key to login without entering a DUO code or receiving a DUO push. HPC3 supports the use of ssh-keys for remote login
We have written local guides for:
In essence, the system from which you are initiating ssh (e.g. your laptop or workstation) should have a locally-generated and password protected ssh private key. The public key corresponding to that private key is placed on HPC2/HPC3 in your .ssh/authorized_keys file. Please use the following principles
-
Every user-generated ssh private key that you generated MUST be password protected.
-
Generate a different private key and password for each device you plan to use regularly to access from HPC3. For example, if you two different laptops, generate a private key for each laptop.
-
Learn how to use ssh-agent to gain the convenience of a "passwordless" ssh key, but has all the security of a password-protected key. (Linux, Windows(PuTTY/Pageant), Windows(Powershell), MacOS)
-
Treat all of your ssh private keys with care. If you are on a shared system (e.g. a lab workstation), make sure that file permissions are set such you (and only you) can read and unlock the key with its passphrase
-
Never add a different user’s ssh public into your authorized_keys file. This is a violation of account sharing.
2.4. FileZilla and DUO
If you use FileZilla (Windows users) for files transfer you will need to change your login type to interactive in FileZilla Site Manger settings. For exact instructions please see Filezilla Site Manger
2.5. FileZilla with SSH keys
Sometimes it is more convenient to use SSH keys based authentication (in place of DUO). There are three mechanisms for use of the FileZilla client with SSH-2 keys. We describe here only the process of generating SSH keys and copying them to the cluster. Once these two steps below are done see the detailed instructions for the three mecanisms in FileZilla SSH key based authentication to setup your FileZilla client.
-
Create your SSH key on your laptop (here we show OpenSSH method):
cd ~/.ssh ssh-keygen -t rsa -f filezilla (choose a desired name, usually a single word)
The above command will generate two files filezilla (private key) and filezilla.pub (public key). They work as a pair.
Important: private key should NEVER be shared
Important: use a passphrase for your key (do not forget that passphrase)
-
Transfer the public key from your laptop to your HPC3 home directory $HOME/.ssh/authorized_keys file:
cd ~/.ssh [bluelight]*ssh-copy-id -i filezilla YourLoginAccount@hpc3.rcic.uci.edu
You will be prompted for the standard DUO authentication and password to run the above command.
2.6. MobaXterm and DUO
If you use MobaXterm you need to make sure that at in your mobaxterm settings in SSH tab in Advanced ssh settings and set your Remote Environment to Interative shell:
2.7. Troubleshooting
There are many online guides for ssh:
Please see the HPC3 reference guide for information on submitting jobs, using environment modules, submitting support tickets and more.
3. Quick Links
Please see guides below that provide more information and explain how to get help and how to use HPC3:
