Terminal

Connecting to HPC3 via ssh

You must either be on the campus network or connected to the UCI campus VPN to access HPC3.

1. Terminal

To use ssh, you need to use one of Terminal applications and depending on a user laptop they can be:

Linux	use your favorite Terminal application
Mac	Terminal or iTerm2
Windows	PuTTY or MobaXterm
Windows 10	Windows Terminal, Linux Subsystem for Windows or MobaXterm

MobaXterm users DO NOT enable Remote monitoring! This is an experimental feature of MobaXterm that runs unnecessary multiple processes on login node under your account. These processes add to the overall load on the cluster. None of the information they collect you can use for your work on the cluster.

2. SSH

2.1. Connect

SSH is the only way to directly log in to HPC3 for interactive use. Use your UCINetID and associated password to connect to an HPC3 login node (which are several load-balanced, systems) hpc3.rcic.uci.edu.

Your login name can be specified as ether user@hostname or given with the -l option, for example a user with UCINetID panteater can use:

ssh panteater@hpc3.rcic.uci.edu
or
ssh hpc3.rcic.uci.edu -l panteater

It is a requirement per our Acceptable Use Policy that your ssh-keys have a non-empty passphrase. Use ssh-agent (macOS/Linux) or PuTTYgen (Windows) as a convenient way for you to not keep re-entering your passphrase. For more information about SSH passphrases see SSH Academy.

Once you have logged in on the cluster, there is no ssh connection to the compute nodes. See SLURM tutorial which explains how to use slurm commands to achieve the same.

2.2. Multifactor Authentication (Duo)

After the June 15, 2022 maintenance, HPC2/HPC3 will require multifactor authentication using UCI’s Duo infrastructure for all password-based logins. When DUO is active, you will be prompted to enter a code (backup or generated by your DUO device) or request a push to your enrolled DUO-enabled device. A prompt looks similar to

ssh panteater@hpc3.rcic.uci.edu
Password:
Duo two-factor login for panteater

Enter a passcode or select one of the following options:

1. Duo Push to XXX-XXX-1212

Passcode or option (1-1): 1
Success. Logging you in...
Last login:  ....

2.3. SSH Keys (and Duo)

The design/implementation of the DUO-supplied PAM module makes it possible to use an SSH-key to login without entering a DUO code or receiving a DUO push. HPC3 supports the use of ssh-keys for remote login

We have written local guides for:

Setting up and using ssh key-based login

Ssh with DUO

In essence, the system from which you are initiating ssh (e.g. your laptop or workstation) should have a locally-generated and password protected ssh private key. The public key corresponding to that private key is placed on HPC2/HPC3 in your .ssh/authorized_keys file. Please use the following principles

Every user-generated ssh private key that you generated MUST be password protected.
Generate a different private key and password for each device you plan to use regularly to access from HPC3. For example, if you two different laptops, generate a private key for each laptop.
Learn how to use ssh-agent to gain the convenience of a "passwordless" ssh key, but has all the security of a password-protected key. (Linux, Windows(PuTTY/Pageant), Windows(Powershell), MacOS)
Treat all of your ssh private keys with care. If you are on a shared system (e.g. a lab workstation), make sure that file permissions are set such you (and only you) can read and unlock the key with its passphrase
Never add a different user’s ssh public into your authorized_keys file. This is a violation of account sharing.

2.4. FileZilla and DUO

If you use FileZilla (Windows users) for files transfer you will need to change your login type to interactive in FileZilla Site Manger settings. For exact instructions please see Filezilla Site Manger

2.5. MobaXterm and DUO

If you use MobaXterm you need to make sure that at in your mobaxterm settings in SSH tab in Advanced ssh settings and set your Remote Environment to Interative shell: