Connecting to HPC3 via ssh

IMPORTANT: You must either be on the campus network or connected to the UCI campus VPN to access HPC3.

1. Terminal

To use ssh, you need to use one of Terminal applications and depending on a user laptop they can be:

Linux

use your favorite Terminal application

Mac

Terminal or iTerm2

Windows

PuTTY or MobaXterm

Windows 10

Windows Terminal, Linux Subsystem for Windows or MobaXterm

IMPORTANT: MobaXterm users DO NOT enable Remote monitoring! This is an experimental feature of MobaXterm that runs unnecessary multiple processes on login node under your account. These processes add to the overall load on the cluster. None of the information they collect you can use for your work on the cluster. Do check the lower portion of your mobaxterm window to verify that your monitoring is disablewd. See figures below for a reference:

mobaxterm mon
Figure 1. Monitoring enabled - WRONG
mobaxterm no mon
Figure 2. Monitoring disabled - correct

2. SSH

2.1. Connect

SSH is the only way to directly log in to HPC3 for interactive use. Use your UCINetID and associated password to connect to an HPC3 login node (which are several load-balanced, systems) hpc3.rcic.uci.edu.

Your login name can be specified as ether user@hostname or given with the -l option, for example a user with UCINetID panteater can use:

ssh panteater@hpc3.rcic.uci.edu
or
ssh hpc3.rcic.uci.edu -l panteater
It is a requirement per our Acceptable Use Policy that your ssh-keys have a non-empty passphrase. Use ssh-agent (macOS/Linux) or PuTTYgen (Windows) as a convenient way for you to not keep re-entering your passphrase. For more information about SSH passphrases see SSH Academy.
Once you have logged in on the cluster, there is no ssh connection to the compute nodes. See SLURM tutorial which explains how to use slurm commands to achieve the same.

2.2. Multifactor Authentication (Duo)

After the June 15, 2022 maintenance, HPC2/HPC3 will require multifactor authentication using UCI’s Duo infrastructure for all password-based logins. When DUO is active, you will be prompted to enter a code (backup or generated by your DUO device) or request a push to your enrolled DUO-enabled device. A prompt looks similar to

ssh panteater@hpc3.rcic.uci.edu
Password:
Duo two-factor login for panteater

Enter a passcode or select one of the following options:

1. Duo Push to XXX-XXX-1212

Passcode or option (1-1): 1
Success. Logging you in...
Last login:  ....

2.3. SSH Keys (and Duo)

The design/implementation of the DUO-supplied PAM module makes it possible to use an SSH-key to login without entering a DUO code or receiving a DUO push. HPC3 supports the use of ssh-keys for remote login

We have written local guides for:

Setting up and using ssh key-based login

Ssh with DUO

In essence, the system from which you are initiating ssh (e.g. your laptop or workstation) should have a locally-generated and password protected ssh private key. The public key corresponding to that private key is placed on HPC2/HPC3 in your .ssh/authorized_keys file. Please use the following principles

  • Every user-generated ssh private key that you generated MUST be password protected.

  • Generate a different private key and password for each device you plan to use regularly to access from HPC3. For example, if you two different laptops, generate a private key for each laptop.

  • Learn how to use ssh-agent to gain the convenience of a "passwordless" ssh key, but has all the security of a password-protected key. (Linux, Windows(PuTTY/Pageant), Windows(Powershell), MacOS)

  • Treat all of your ssh private keys with care. If you are on a shared system (e.g. a lab workstation), make sure that file permissions are set such you (and only you) can read and unlock the key with its passphrase

  • Never add a different user’s ssh public into your authorized_keys file. This is a violation of account sharing.

2.4. FileZilla and DUO

If you use FileZilla (Windows users) for files transfer you will need to change your login type to interactive in FileZilla Site Manger settings. For exact instructions please see Filezilla Site Manger

filezilla

2.5. FileZilla with SSH keys

Sometimes it is more convenient to use SSH keys based authentication (in place of DUO). There are three mechanisms for use of the FileZilla client with SSH-2 keys. We describe here only the process of generating SSH keys and copying them to the cluster. Once these two steps below are done see the detailed instructions for the three mecanisms in FileZilla SSH key based authentication to setup your FileZilla client.

  1. Create your SSH key on your laptop (here we show OpenSSH method):

    cd ~/.ssh
    ssh-keygen -t rsa -f filezilla  (choose a desired name, usually a single word)

    The above command will generate two files filezilla (private key) and filezilla.pub (public key). They work as a pair.

    Important: private key should NEVER be shared

    Important: use a passphrase for your key (do not forget that passphrase)

  2. Transfer the public key from your laptop to your HPC3 home directory $HOME/.ssh/authorized_keys file:

    cd ~/.ssh
    [bluelight]*ssh-copy-id -i filezilla YourLoginAccount@hpc3.rcic.uci.edu

    You will be prompted for the standard DUO authentication and password to run the above command.

2.6. MobaXterm and DUO

If you use MobaXterm you need to make sure that at in your mobaxterm settings in SSH tab in Advanced ssh settings and set your Remote Environment to Interative shell:

mobaxterm

2.7. Troubleshooting

There are many online guides for ssh:

https://www.ssh.com

troubleshoot ssh problems

set up authorized_keys

use ssh-agent

Please see the HPC3 reference guide for information on submitting jobs, using environment modules, submitting support tickets and more.