- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -
NEC Cluster access (vulcan)
Latest revision as of 10:05, 7 November 2024
Access
The only way to access the NEC Cluster vulcan (frontend/login nodes) from outside the HWW net is through ssh.
Information on how to set up ssh can be found on our webserver at Secure Shell (ssh).
Usage
There are several frontend/login nodes available:
- vulcan.hww.hlrs.de
The frontend nodes are intended as the single point of access to the entire cluster. Here you can set your environment, move your data, edit and compile your programs and create batch scripts. Interactive usage that leads to a high load, such as running your program, is NOT allowed on the frontend/login nodes.
The compute nodes
- n010501-n203302
for running parallel jobs are only available through the Batch system!
Two-factor authentication with TOTP
ssh access can optionally be protected with two-factor authentication (2FA) based on a Time-based One-Time Password (TOTP). On login nodes, each user can decide for themselves whether access should be secured via TOTP.
In order to use TOTP, a secret must be created. For this we have provided a tool "generate_2fa_otp.sh". It prints out a secret QR code which needs to be scanned by your cell phone TOTP app or saved into another TOTP device like a USB NitroKey. The generated private secret will be activated by the system the following day.
Do not pass on the contents of the file user.oath in your .ssh directory or the QR code printed by the generate_2fa_otp.sh command. Make sure that nobody has access to this secret. Always use different devices for the login and for the generation of the Time-based One-Time Password (TOTP)!
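A permission check behind that advice, as an added example that is not part of the HLRS page or its tooling. It assumes only that the secret is the file user.oath inside ~/.ssh, as stated above; the function names check_private and audit_oath_secret are made up for this example.

```sh
#!/bin/sh
# Added example, not HLRS tooling. Assumes the TOTP secret is the file
# user.oath inside ~/.ssh, as the page states. Function names are hypothetical.

# check_private PATH: succeed only if PATH is a real file or directory owned by
# the current user with no permission bits granted to group or others.
check_private() {
    p=$1
    if [ -L "$p" ]; then
        echo "FAIL $p: is a symbolic link"
        return 1
    fi
    if [ ! -e "$p" ]; then
        echo "FAIL $p: does not exist"
        return 1
    fi
    # ls -ldn prints e.g. "-rw------- 1 1000 1000 ..."; field 3 is the numeric uid
    line=$(ls -ldn -- "$p")
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    # Characters 5-10 of the mode string are the group and other permission bits
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL $p: mode $mode lets group or others in (use chmod go-rwx)"
        rc=1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $p: owned by uid $owner, not by you"
        rc=1
    fi
    # A trailing "+" means an ACL may grant access the mode bits do not show
    case $mode in
        *+) echo "WARN $p: ACL present, review it with getfacl" ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK   $p ($mode)"; fi
    return "$rc"
}

# audit_oath_secret [DIR]: check the .ssh directory and the secret inside it.
audit_oath_secret() {
    dir=${1:-$HOME/.ssh}
    audit_rc=0
    check_private "$dir" || audit_rc=1
    check_private "$dir/user.oath" || audit_rc=1
    return "$audit_rc"
}
```

Source the file on a login node and call `audit_oath_secret` without arguments; a non-zero exit status means the directory or the secret is reachable by someone other than you.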
Example setup using an Android smartphone with Google Authenticator
An easy way to configure TOTP using a smartphone is as follows:
- Install an authenticator app on your smartphone. In this example Google Authenticator is used.
- Log in on vulcan's frontend system.
- Run the command "generate_2fa_otp.sh".
- Start the authenticator app on your smartphone and press the + button to add a new secret.
- Select "QR-Code scan" and scan the QR code generated by the generate_2fa_otp.sh command.
Daily use
During the login procedure you will be prompted with
One-time password (OATH) for `<your user name>':
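Open your Google Authenticator app and enter the 6-digit number for your HLRS vulcan account. For multiple logins, the one-time password only needs to be entered the first time you log in. For further logins from the same system, the query is skipped for a certain period of time.
Note: The OATH token is cached separately for each login node. If you use the load balancer, you might be asked for an OATH token several times.
FAQ / Support / Feedback / Information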
We provide a FAQ section which will be extended continuously.
Finally, please feel free to contact us.
- System administration: vulcan (a) hww.hlrs.de