FAQs: Difference between revisions
No edit summary |
No edit summary |
||
Line 41: | Line 41: | ||
</pre> | </pre> | ||
Next time you login to Tycho with ssh, instead of asking for the password, the server will request your pass phrase from the client (the | Next time you login to Tycho with ssh, instead of asking for the password, the server will request your pass phrase from the client (the passphrase you supplied when running the ssh-keygen command). However, rather than writing it every time at the ssh prompt, you can use "ssh-add" to give the pass phrase once and keep the decrypted private key in memory. On Mac and Linux this works transparently, on windows you need to make sure that another program, ssh-agent, is running on the system and can store the decrypted key. You can read some suggestions about how to do that on Windows here: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement | ||
If your ssh command is issued in a window inside a VNC session, or in a window on your local laptop, chances are you can just type "ssh-add" to store the password in a process called ssh-agent, which typically is already running (most X-sessions -- such as the ones you start under VNC -- are automatically started as child processes of an ssh-agent). | If your ssh command is issued in a window inside a VNC session, or in a window on your local laptop, chances are you can just type "ssh-add" to store the password in a process called ssh-agent, which typically is already running (most X-sessions -- such as the ones you start under VNC -- are automatically started as child processes of an ssh-agent). | ||
If an ssh-agent process is already running (and your ssh command is a descendant of it), it stores the credentials created by your once-per-reboot ssh-add command and automatically answers requests from hosts you try to connect to. If for some reason no ssh-agent is running on an intermediate host, then as an alternative you can forward your ssh-credentials from your laptop, by using "ssh -A" to login to astro0X, and continuing an ssh from there (having stored the id_rsa.pub from your laptop on the remote supercomputer). | If an ssh-agent process is already running (and your ssh command is a descendant of it), it stores the credentials created by your once-per-reboot ssh-add command and automatically answers requests from hosts you try to connect to. If for some reason no ssh-agent is running on an intermediate host, then as an alternative you can forward your ssh-credentials from your laptop, by using "ssh -A" to login to astro0X, and continuing an ssh from there (having stored the id_rsa.pub from your laptop on the remote supercomputer). | ||
Finally, if for some reason you start out from a place (such a just a command window) where no ssh-agent is running, you can just start one, by doing | Finally, if for some reason you start out from a place (such a just a command window) where no ssh-agent is running, you can just start one, by doing | ||
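Review bot: the sentence completed on the first changed line says "the server will request your pass phrase from the client", but the pass phrase never involves the server; the ssh client asks for it locally to decrypt the private key, and only a signature made with that key goes over the wire. Suggest wording it as "your ssh client will ask for the pass phrase that protects your private key". The same paragraph later says ssh-add stores "the password" in ssh-agent, while the changed line correctly says it keeps the decrypted private key in memory; using one description throughout would avoid confusion.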
Line 51: | Line 53: | ||
</pre> | </pre> | ||
This starts an ssh-agent, which starts bash | This starts an ssh-agent, which starts bash as a descendant. Then execute "ssh-add", and you're free from typing the pass phrase, for as long as you keep the ssh-agent running. | ||
'''How do I get my IP white-listed''' | '''How do I get my IP white-listed''' | ||
Line 73: | Line 75: | ||
<pre> | <pre> | ||
sshfs username@ | sshfs username@astro01.hpc.ku.dk:/astro/username/ ~/nbi/ -oauto_cache,reconnect,volname=nbi | ||
</pre> | </pre> | ||
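Review bot: the completed sshfs line passes volname=nbi, which is a macOS FUSE mount option; Linux FUSE does not accept it and the mount fails with an unknown-option error. Suggest giving two variants, one with -oauto_cache,reconnect,volname=nbi for Mac and one without volname for Linux, or stating which platform the command is for.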
Line 82: | Line 84: | ||
</pre> | </pre> | ||
SSH tunneling: To create a tunnel for for example display :11 on | SSH tunneling: To create a tunnel for for example display :11 on astro01 using ssh, do | ||
<pre> | <pre> | ||
ssh | ssh astro01 -L 5911:localhost:5911 | ||
</pre> | </pre> | ||
Line 91: | Line 93: | ||
<pre> | <pre> | ||
ssh | ssh astro01 -L 5911:localhost:5911 -fN | ||
</pre> | </pre> | ||
Line 99: | Line 101: | ||
Host tunnel | Host tunnel | ||
User username | User username | ||
HostName | HostName astro01.hpc.ku.dk | ||
LocalForward 5911 | LocalForward 5911 | ||
localhost:5911 | localhost:5911 | ||
Line 133: | Line 135: | ||
* Is there a standard module to load which lays out everything - no sweat? | * Is there a standard module to load which lays out everything - no sweat? | ||
Yes, | Yes, access to the astro software is provided by writing | ||
<pre> | |||
module load astro | |||
</pre> | |||
command that makes all astro specific modules available. You can see what is available by writing | |||
<pre> | <pre> | ||
module load avail | |||
</pre> | </pre> | ||
and list what you have loaded with | |||
<pre> | <pre> | ||
module load list | |||
</pre> | </pre> | ||
To undo the default and start from scratch, use | To undo the default and start from scratch, use | ||
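Review bot: the two added commands "module load avail" and "module load list" ask the module system to load modules named avail and list; the subcommands that show available and loaded modules are "module avail" and "module list". The added sentence after "module load astro" also begins with "command that makes", which reads as a fragment; "This command makes all astro specific modules available" would fix it.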
Latest revision as of 09:59, 6 March 2025
How do I access the HPC Cluster?
You can remotely access the frontend machines astro01-09 via SSH to submit jobs or to analyze data (see Hardware for an up-to-date list of available frontends). For example, you can log in to the astro01 machine by entering the following on the command line
ssh username@astro01.hpc.ku.dk
You will then be prompted to enter your password (note: if the connection times out, it is likely that your IP address is not recognised). After entering the correct password, you will arrive in your home directory /groups/astro/username. It may be a good idea to check the load factor after logging in, using "top", and choose a different frontend if the CPU or memory use is already high (use "<" or ">" in top to temporarily change from sorting on CPU to memory / virtual memory).
You can cut this down to
ssh astro01
by adding these lines to the file ~/.ssh/config:
Host astro01
    User username
    HostName astro01.hpc.ku.dk
Do not use the ssh option -Y, which "enables trusted X11 forwarding". This means, basically, that you turn off some essential X security features and say "I trust the remote host completely". Forwarding of X should work without any extra options.
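The -Y option can also be switched on permanently from ~/.ssh/config, where it is spelled ForwardX11Trusted yes. The following check is an added example, not part of the original FAQ: it scans a client config for that setting and for ForwardAgent yes (the config form of ssh -A) applied to a wildcard host pattern. The function names and the sample config are constructed for illustration, and Match blocks are not handled.

```shell
#!/bin/sh
# Added example, not from the original FAQ. The sample config is constructed.
# audit_ssh_config FILE
#   Prints "host-pattern<TAB>option" for each finding and returns 1 if there
#   was at least one finding, 0 otherwise.
audit_ssh_config() {
    awk '
        BEGIN { host = "*" }                 # options before any Host line apply to all hosts
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            gsub(/=/, " ")                   # "Keyword=value" is also valid syntax
            key = tolower($1); val = tolower($2)   # keywords are case-insensitive
            if (key == "host") {
                host = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", host); next
            }
            # Config-file form of "ssh -Y".
            if (key == "forwardx11trusted" && val == "yes") {
                print host "\tForwardX11Trusted"; bad = 1
            }
            # Config-file form of "ssh -A", flagged when set for a wildcard pattern.
            if (key == "forwardagent" && val == "yes" && host ~ /[*?]/) {
                print host "\tForwardAgent"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Writes a constructed sample config to the given path.
write_sample_config() {
    cat > "$1" <<'EOF'
Host astro01
    User username
    HostName astro01.hpc.ku.dk
    ForwardX11 yes

Host tunnel
    User username
    HostName astro01.hpc.ku.dk
    LocalForward 5911 localhost:5911
    ForwardX11Trusted yes

Host *
    ForwardAgent yes
EOF
}
```

Run it as audit_ssh_config ~/.ssh/config; an empty result with exit status 0 means neither setting was found.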
How can I setup a passwordless ssh?
You can avoid typing your password each time you authenticate an SSH session by using an SSH key with RSA encryption, in combination with ssh-add and ssh-agent. To do so, use ssh-keygen on your local laptop/computer to generate a pair consisting of a personal key (id_rsa) and a public key (id_rsa.pub). A widely recommended and secure cipher to use is based on ED25519 encryption:
ssh-keygen -t ed25519
With the option -t you specify the encryption type. Here we use ED25519; many others exist, but this is what is recommended across large organizations to keep your key, login, and data secure. You will be asked for the filename; you can just press enter and use the default. Then you will be asked for a passphrase to protect your personal key. You should NOT under any circumstances use an empty pass phrase; it is not necessary for convenience reasons (see below), and could endanger your access to remote supercomputers. Use instead a "pass phrase", similar to a password. Two keys (id_ed25519 and id_ed25519.pub) will be stored in the hidden folder ~/.ssh/ on your client (normally your laptop, but it could also be a server you want to use to login to Tycho). To use the key pair for logging in, you have to copy your public key from your client to Tycho and store it in the file ~/.ssh/authorized_keys. From your client (e.g. the laptop) do:
cat ~/.ssh/id_ed25519.pub | ssh username@astro01.hpc.ku.dk 'cat >> .ssh/authorized_keys'
Next time you login to Tycho with ssh, instead of asking for the password, the server will request your pass phrase from the client (the passphrase you supplied when running the ssh-keygen command). However, rather than writing it every time at the ssh prompt, you can use "ssh-add" to give the pass phrase once and keep the decrypted private key in memory. On Mac and Linux this works transparently; on Windows you need to make sure that another program, ssh-agent, is running on the system and can store the decrypted key. You can read some suggestions about how to do that on Windows here: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement
If your ssh command is issued in a window inside a VNC session, or in a window on your local laptop, chances are you can just type "ssh-add" to store the password in a process called ssh-agent, which typically is already running (most X-sessions -- such as the ones you start under VNC -- are automatically started as child processes of an ssh-agent).
If an ssh-agent process is already running (and your ssh command is a descendant of it), it stores the credentials created by your once-per-reboot ssh-add command and automatically answers requests from hosts you try to connect to. If for some reason no ssh-agent is running on an intermediate host, then as an alternative you can forward your ssh-credentials from your laptop, by using "ssh -A" to login to astro0X, and continuing an ssh from there (having stored the id_rsa.pub from your laptop on the remote supercomputer).
Finally, if for some reason you start out from a place (such as just a command window) where no ssh-agent is running, you can just start one, by doing
ssh-agent bash
This starts an ssh-agent, which starts bash as a descendant. Then execute "ssh-add", and you're free from typing the pass phrase, for as long as you keep the ssh-agent running.
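The copy step above appends the public key with "cat >>", which fails if ~/.ssh does not exist yet on the server, adds a duplicate line on every repeat, and leaves file permissions to chance. The following is an added example, not part of the original FAQ, of what that step should leave behind; it works on a local directory standing in for the remote home directory, and the function names and the key line are constructed.

```shell
#!/bin/sh
# Added example, not from the original FAQ. Paths and key material are constructed.
# install_pubkey PUBKEY_FILE HOME_DIR
#   Adds the public key to HOME_DIR/.ssh/authorized_keys the way sshd expects it.
install_pubkey() (
    pub=$1; home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }
    # Accept exactly one line that starts with a public-key type; this also
    # refuses a private key file ("-----BEGIN ...") passed by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; exit 2; }
    key=$(cat "$pub")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*) ;;
        *) echo "$pub is not a public key" >&2; exit 2 ;;
    esac
    # With StrictModes (the sshd default) keys are ignored if ~/.ssh or
    # authorized_keys is writable by group or others, so create both private.
    umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth"
    # Append only if this exact line is not present yet (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Demo on a throw-away directory standing in for the remote home directory.
# Prints the number of lines in authorized_keys after installing twice.
demo_install() {
    tmp=$(mktemp -d)
    # Constructed key line, not a usable key.
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleOnlyNotARealKey username@laptop' \
        > "$tmp/id_ed25519.pub"
    install_pubkey "$tmp/id_ed25519.pub" "$tmp/home"
    install_pubkey "$tmp/id_ed25519.pub" "$tmp/home"   # second run adds nothing
    grep -c '' "$tmp/home/.ssh/authorized_keys"
    rm -rf "$tmp"
}
demo_install
```

On systems that ship it, ssh-copy-id -i ~/.ssh/id_ed25519.pub username@astro01.hpc.ku.dk performs these steps on the server for you.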
How do I get my IP white-listed
On any of the astro0X hosts, use the command
hpc-setup-firewall.sh
You have three personal slots, but other people's slots also work for you. The first time you login from home, or a new place, you may need to login via muon.nbi.dk, or some other NBI host, from which astro0X is already open. To find your IP-number, either use one of the web-services (but beware of spam-ware), or just type "finger -m $user" after logging in to an NBI host.
SSHFS
You can locally access remote data on the frontend very conveniently by the SSH file system (SSHFS). To use SSHFS you need to install FUSE. For Linux you can install fuse and for Mac there is osxfuse. You need to create an empty directory as mount point on your local laptop/computer, e.g.
mkdir ~/nbi
Then you mount the remote directory by specifying the host and the mount point.
sshfs username@astro01.hpc.ku.dk:/astro/username/ ~/nbi/ -oauto_cache,reconnect,volname=nbi
You can unmount the filesystem with
fusermount -u ~/nbi
SSH tunneling: To create a tunnel for, for example, display :11 on astro01 using ssh, do
ssh astro01 -L 5911:localhost:5911
You can do the same without starting a remote shell by doing
ssh astro01 -L 5911:localhost:5911 -fN
If you succeed in always using display :11 you can add the tunnel configuration as part of the ~/.ssh/config file:
Host tunnel
    User username
    HostName astro01.hpc.ku.dk
    LocalForward 5911 localhost:5911
and then start the tunnel with
ssh tunnel -fN
GENERAL & SUPPORT
Whom should I ask which questions?
- login nodes are unreachable: mailto:support@hpc.ku.dk
- login nodes are alive, but I don't have a homedir: mailto:support@hpc.ku.dk
- I don't have access to the software I need: mailto:support@hpc.ku.dk
- forgot my password: mailto:support@hpc.ku.dk
- Is there a sharing policy?
- cluster queues
- disk space
- analysis servers
- Can I run codes interactively, e.g. on a front end, or on an analysis server?
ENVIRONMENTS
- What are 'modules' and how do I use them?
- What is my default environment setup?
- MPI - libraries - compilers -...
- Is there a standard module to load which lays out everything - no sweat?
Yes, access to the astro software is provided by writing
module load astro
This command makes all astro-specific modules available. You can see what is available by writing
module avail
and list what you have loaded with
module list
To undo the default and start from scratch, use
module purge
SOFTWARE
- What software do I have available?
- Do I have access
- What is SLURM?
- Can I submit SLURM jobs from anywhere?
- How do I find out which queues I can submit to?
STORAGE
- Where should I put data from large simulations?
- How much disk space can I claim?
- How long can I have stuff on disk?
- Are my data backed up, and where?