Accessing the cluster

From ScientificComputing
Jump to: navigation, search

< Home

Storage and data transfer >


Accessing the clusters.png

Prerequisites

How to access the cluster

From a terminal (Linux, MacOS, Git BASH, WSL)

  • Make sure that you are connected to the ETH network, either by using the on-side wifi/Ethernet or by using a VPN
  • Start a terminal
  • Use ssh command to connect to the login node of Euler
 $ ssh username@euler.ethz.ch
  • Use your ETH credentials to log in (not the wi-fi password, that is usually different)

For Windows users

You have several options and tools available to you :

For new users and unverified accounts - all operating systems

Upon the first login, a verification code should be sent to your ETH email address (username@ethz.ch). Enter the verification code to the prompt :

An access code has been sent to your ETH email address.
Enter the access code at the prompt below.
If you do not receive the access code within a few minutes,
then contact us by opening a ticket at
http://smartdesk.ethz.ch

Access code (ending in ******Ls):

After a successful login with password, generate SSH keys for passwordless login.

To use a GUI on the cluster

  • In MobaXterm, X11 forwarding is already included and enabled
  • In PuTTY, go to Connection > SSH > X11, check the box Enable X11 forwarding
  • From a terminal (Linux, MacOS, Git BASH, WSL), users have to enable X11 forwarding when log in
   $ ssh -Y username@euler.ethz.ch

Who can access the cluster

Euler CPU Euler GPU
Shareholders who invest in the cluster resources
Euler CPU shareholders

Euler GPU shareholders
External collaborators of shareholders
Upon invitation of their ETH collaborator

If the ETH collaborator's share contains GPUs
Guest users
All ETH members can access Euler as guest users with limited resources

External collaborators

Members of other institutions who have a collaboration with a research group at ETH may use the clusters for the purpose of said collaboration

  • Their counterpart (“sponsor”) at ETH can create an ETH guest account, e-mail address and VPN service for them
  • Then, they can access Euler like members of ETH

Security

  • To connect from outside of the ETH network to the cluster, establish first a VPN connection. Then, connect to the cluster through SSH.
  • To connect from a compute node to an external service, use the ETH proxy service:
$ module load eth_proxy

Legal Compliance

The HPC clusters are subject to ETH’s acceptable use policy for IT resources (Benutzungsordnung für Telematik (BOT)), in particular:

  • Cluster accounts are strictly personal
  • DO NOT share your account (password, sshkeys) with anyone
  • DO NOT use someone else’s account, even if they say it’s OK
  • If you suspect that someone used your account, change your password and contact cluster support

Security.png

Consequences:

  • In case of abuse, the offender’s account may be blocked temporarily or closed
  • System administrators are obliged by law to investigate abusive or illegal activities and report them to the relevant authorities

SSH Keys

SSH keys allows passwordless login which is useful for file transfers, automated tasks and running interactive tools on the cluster. When used properly, SSH keys are much safer than passwords. SSH keys always come in pairs:

  • A private key, stored on your local workstation (and nowhere else!)
  • A public key, stored on the computer(s) you want to connect to

You can generate as many pairs as you like, e.g., one for each computer you intend to connect to. Keep in mind that :

  • Keys should be protected with a passphrase
  • You can unlock keys with SSH key management tools such as ssh-agent and keychain


Step 1: Create your keys

   Ssh keys gen.png
  • First, verify whether logging in with password works
  • Generate a key pair with the ed25519 algorithm for each computer you want to connect to
$ ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519_euler
  • Enter a passphrase to protect your SSH keys


Step 2: Copy the public key to the cluster

   Ssh keys copy.png
$ ssh-copy-id -i $HOME/.ssh/id_ed25519_euler.pub username@euler.ethz.ch


Step 3: Use keys with non-default names

Ssh keys connect.png

The login commands become:

$ ssh -i $HOME/.ssh/id_ed25519_euler username@euler.ethz.ch

Alternatively, SSH clients can use this option automatically by adding the option IdentityFile in your $HOME/.ssh/config file, e.g.:

Host euler
HostName euler.ethz.ch
User username
IdentityFile ~/.ssh/id_ed25519_euler

Next time you login, you can type

$ ssh euler


SSH key management with SSH Agent

As we have to enter the passphrase to unlock the keys, it takes away the convenience of passwordless login. We can use an SSH agent (ssh-agent) to unlock the SSH keys.

$ eval `ssh-agent`
Agent pid 17906

$ ssh-add $HOME/.ssh/id_ed25519_euler
Enter passphrase for id_ed25519_euler:
Identity added: id_ed15519_euler (username@local-computer-name)

Further reading


< Home

Storage and data transfer >