System Access

  

OverviewCommand Line/Terminal Access

WindowsMacLinux

X11 ForwardingX11 Forwarding on WindowsX11 Forwarding on Mac and Linux

SSH KeysWeb Access

Terminal AccessVirtual Desktop

Port forwarding

Overview

Logging into the HPC supercomputers starts with your UArizona NetID and password with two-factor authentication enabled. Logging in will first connect you to something called the bastion host, a computer that provides a gateway to our three clusters: Ocelote, ElGato, and Puma. This is the only function the bastion host serves. It is not for storing files, running programs, or accessing software. 

A comprehensive walkthrough of this process is in our  . This page is intended to provide you with instructions on getting Puma Quick Start pageterminal access to the system from your specific OS, how to log into the system from our web interface ( ), how to set up X11 (image) Open OnDemandforwarding, and how to configure your account to allow for a password-less login (see: ).SSH Keys

Login Help

If you experience any problems, refer to our which provides some solutions to common problems.FAQ page

Command Line/Terminal Access

WindowsMacLinux

To log into HPC, you will need enabled, an , and internet access. Because we require Duo-authentication to access the system, NetID+ HPC accountno VPN is required. 

Logging in will first connect you to something called the bastion host, a computer that provides a gateway to our three clusters: Ocelote, ElGato, and Puma. This is the only function the bastion host serves. It is not for storing files, running programs, or accessing software. When you reach the bastion host, you should see:

Success. Logging you in...Last login:This is a bastion host used to access the rest of the RT/HPC environment. Type "shell" to access the job submission hosts for all environments-----------------------------------------

From there, type to connect to the login nodes that will provide access to our three clusters. shell

When you connect to a login node, you will see:

***The default cluster for job submission is Puma***Shortcut commands change the target cluster-----------------------------------------Puma:$ puma(puma) $Ocelote:$ ocelote(ocelote) $ElGato:$ elgato(elgato) $-----------------------------------------

By default, you will be connected to Puma when you first log in. To access the other clusters, follow the shortcut commands. 

How you initially access the system is dependent on your operating system. Specific OS instructions are provided below:

Windows

Windows systems do not have any built-in support for using SSH, so you will have to download a software package to do so. There are several available for Windows workstations.  Free SSH clients are available for download from the University of Arizona's Site License website.  

PuTTY

PuTTY is the most popular open source SSH Windows client. To use it: download, install, and open the . Next,  Putty client  open a connection and enterunder Host Name and press Openhpc.arizona.edu 

All the integration on UArizona HPC supercomputers is done with the  "bash” shell which means to get consistent results,   mubashst be your shell.  New HPC users automatically are set to the bash shell unless they already are using a different shell.When using SSH, if you leave out the   then it may default to your workstation username, which may not be valid; on Linux netid@and MacOS you can override this via a ~/.ssh/config "User netid" config line. On Windows, there may be an application-specific way to set the username for connections.hpc.arizona.eduIf you try to log in and get a continuous prompt of "password" and nothing else, you are probably not registered for  . NetID+

This will open a terminal. At the prompt, enter the following, replacing with your own NetID:<netid>

Login as: <netid>

You will then be prompted to Duo-Authenticate. If the process is successful, you will be connected to the bastion host.

MobaXterm

MobaXterm is another available SSH Windows client. To connect to HPC, , open the software, select download and install MobaXterm Session  SSHand enter under . Next, select the box next to  and enter your UArizona NetID. To connect, click hpc.arizona.edu Remote host Specify usernameOK at the bottom of the screen:

This will open a terminal and will prompt you for your UArizona password. You will then need to Duo-authenticate. If everything is successful, you will be connected to the bastion host.

Mac

Mac systems provide a built-in SSH client, so there is no need to install any additional software. You will find the terminal application under Applicatio.ns  Utilities  Terminal

Open the terminal and enter:

$ ssh netid@hpc.arizona.edu

where is your UArizona NetID. When you press enter, you will be prompted for your university password. Note: you will not see any characters netidappear on the screen while typing during this step. This is normal and everything is working as it should. After successfully entering your password, you will be prompted to Duo Authenticate. If everything is successful, you will be connected to the bastion host.

Linux

Linux systems provide a built-in SSH client, so there is no need to install additional software. Simply locate and run the app. Terminal 

Open the terminal and enter:

$ ssh netid@hpc.arizona.edu

where is your UArizona NetID. When you press enter, you will be prompted for your university password. Note: you will not see any characters netidappear on the screen while typing during this step. This is normal and everything is working as it should. After successfully entering your password, you will be prompted to Duo Authenticate. If everything is successful, you will be connected to the bastion host.

X11 ForwardingX11 forwarding is a mechanism that allows a user to start up a remote application (e.g. VisIt or Matlab) and forward the application display to their local machine. The key to make forwarding work successfully is to include the  flag at each login step. To check whether X11 forwarding is active, -Xyou may run the command:

$ echo $DISPLAY

If it comes back blank, something has gone wrong.

X11 forwarding can be used with interactive sessions. This requires using the -X flag as part of your sbatch submission. More information can be found on our  page. Running Jobs with SLURM

X11 Forwarding on Windows

To use X11 forwarding on a Windows system, you will need to download an X11 display server such as Xming. 

Putty

To enable X11 forwarding in PuTTY, go to  and select the box next to .SSH  X11 Enable X11 forwarding

Once you've connected to the bastion host, connect to the login nodes with the an additional flag :-X

$ shell -X

MobaXterm

To enable X11 forwarding in MobaXterm, open a new session, select , and open . Select the option below called SSH Advanced SSH settings X11-.Forwarding

Once you've connected to the bastion host, connect to the login nodes with the an additional flag :-X

$ shell -X

X11 Forwarding on Mac and Linux

Start a terminal session and connect as you typically would with an additional flag in your command (shown in the example below). Once -X sshyou're connected to the bastion host, enter the name of the cluster you want to access, including the additional flag again. An example of this -Xprocess is provided below:

On a Mac, if you get a blank response to "echo $DISPLAY, you might need this line in your .ssh/config file: ForwardX11TrustedyesMac users will want to install the additional software package onto their machines to use X11 forwarding with HPC. XQuartzBe aware forwarding X traffic does not work with the DEPRECATED menu interface enabled.  You should disable the menu option and use the hostname shortcuts instead.

1.

2.

3.

$ ssh -X netid@hpc.arizona.eduPassword:Duo two-factor login for netidEnter a passcode or select one of the following options:

1. Duo Push to XXX-XXX-8969 2. Phone call to XXX-XXX-8969 3. Phone call to XXX-XXX-0502 4. SMS passcodes to XXX-XXX-8969

Passcode or option (1-4): 1Success. Logging you in...Last login:This is a bastion host used to access the rest of the RT/HPC environment. Type "shell" to access the job submission hosts for all environments-----------------------------------------  [netid@gatekeeper ~]$ echo $DISPLAYlocalhost:13.0

[netid@gatekeeper ~]$ shell -X***The default cluster for job submission is Puma***Shortcut commands change the target cluster-----------------------------------------Ocelote:$ ocelote(ocelote) $Puma:$ puma(puma) $

(puma)[netid@junonia ~]$ echo $DISPLAYlocalhost:18.0

SSH Keys

Why Use SSH Keys?

The Bastion Host uses two-factor authentication and will, by default, prompt you for a password and 2nd factor when you attempt to log in. As an alternative, you can use PKI (Public Key Authentication). This means you will not have to provide a password or Duo-authenticate for any future sessions. To do this, you will need to create an SSH Key on your local workstation and copy the public key to the ~/.ssh/authorized_keys file in your HPC account on the bastion host.

SSH keys on Mac or Linux

In a Terminal session on your local workstation:

Create a public-key pair: 

$ ssh-keygen -t rsa

You will be prompted to enter a passphrase. This is optional, but we strongly recommend that you do so.

After running that command, you will have two new files on your local computer: ~/.ssh/id_rsa and   ~/.ssh/id_rsa.pubis your private key file. ! It is analagous to your password; anybody who has this file can id_rsa  Do not share this with anybody

impersonate you.is your public key file. You will upload this onto any servers that you wish to automatically login to.id_rsa.pub 

Copy the public key to the Bastion Host (you will need to enter your password this one time): 

$ ssh-copy-id netid@hpc.arizona.edu

3.

4.

1. 2. 3. 4.

1.

2.

If your computer does not support the ssh-copy-id command, run the following commands:

$ scp ~/.ssh/id_rsa.pub netid@hpc.arizona.edu:$ ssh netid@hpc.arizona.edu # (you will need to use your password this time)$ mkdir -p ~/.ssh && cat ~/id_rsa.pub > .ssh/authorized_keys && rm ~/id_rsa.pub # On the server, copies the key into the appropriate file

Now, logout and attempt to login to the server again. You should not be prompted for a password!

SSH Keys on Windows

To setup SSH keys on Windows with the PuTTy client, refer to the official PuTTy documentation.

Web AccessThe web interface, , provides access to HPC's three clusters. More comprehensive information on this service can be found on our Open OnDemand O

page.pen On Demand

Terminal Access

Users can gain command line access to HPC through our OOD web interface as an alternative to using a local SSH Client. To use this interface:

Log into https://ood.hpc.arizona.edu/Go to the dropdown menu at the top of the screen and select ClustersSelect the cluster you wish to access (ElGato, Ocelote, or Puma)This will put you on the command line on one of the login nodes. From there, you may perform regular housekeeping work, submit jobs, or request an interactive session.

Virtual Desktop

Users may also interact with a cluster using a virtual desktop interface. To do this:

Log into   and, under on the left-hand side of the screen, select the cluster you would like to https://ood.hpc.arizona.edu/ Interactive Appsconnect to under .Desktops

A form will appear where you will enter the amount of you'd like to be allotted (in hours), the number of you need, your time cores PI Group(if you are unsure what your group name is, you can check in  ), and the (we recommend using https://portal.hpc.arizona.edu/portal/ queueStandard). Once you've filled in your request, click .Launch

2.

3.

4.

A window will appear with the status of your request. It will start in a Pending state and will switch to Running when your desktop session is ready. Click "Launch <cluster> Desktop" to access your session.

That's it! You can now use the cluster with a Desktop interface

1.

2.

3. 4.

5.

Port forwardingPort forwarding can be useful for running Jupyter Notebooks on HPC. You can run a notebook on a compute node and access it from your web browser without X11 forwarding or OpenOnDemand Desktop app. Here are the steps to forward ports on Puma.

Start an . Once the job starts write down the name of the compute node. You can find the node name in one of the messages interactive jobwhen the job starts, for example

$ salloc: Nodes r1u04n2 are ready for job

Use an anaconda environment to start a Jupyter notebook. In this example jupyter-puma is the name of a conda environment.

$ module load anaconda$ source activate jupyter-puma$ jupyter notebook --no-browser --port=8888

Connect to the .HPC VPNIn a new command line terminal run

$ ssh -t -t your_NetID@shell.hpc.arizona.edu -L 8888:localhost:8888 ssh r1u04n2 -L 8888:localhost:8888

Here you will need to substitute your NetID instead of your_NetID and the name of the compute node from step 1 instead of r1u04n2.Enter localhost:8888 in your web browser and you will see the Jupyter screen.

It also might be useful to create a beforehand to access your custom conda environment in a notebook.custom Jupyter kernel