- Infos im HLRS Wiki sind nicht rechtsverbindlich und ohne Gewähr -
- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -
HPE Hawk access: Difference between revisions
(→TOTP) |
|||
| Line 40: | Line 40: | ||
As soon as the TOTP functionality has been set up, we will announce this accordingly. On login nodes, each user can decide for himself whether access should be secured via TOTP. | As soon as the TOTP functionality has been set up, we will announce this accordingly. On login nodes, each user can decide for himself whether access should be secured via TOTP. | ||
In order to be able to use TOTP, a secret must be created. For this we have provided a tool "<font color=blue><tt>generate_2fa_otp.sh</tt></font>". It prints out a secret QR code which needs to be scanned by your cell phone TOTP app or saved into another TOTP-end device like a USB NitroKey. The generated private secret will be activated by the system the following day. | In order to be able to use TOTP, a secret must be created. For this we have provided a tool "<font color=blue><tt>generate_2fa_otp.sh</tt></font>". It prints out a secret QR code which needs to be scanned by your cell phone TOTP app or saved into another TOTP-end device like a USB NitroKey. The generated private secret will be activated by the system the following day. | ||
==== Example setup using Android smart phone with google authenticator ==== | |||
An easy way to configure TOTP using a smart phone is as follows: | |||
install an authenticator app on your smart phone. In this example | |||
''google authenticator'' is used. | |||
login on Hawk's frontend system. | |||
Run the command "<font color=blue><tt>generate_2fa_otp.sh</tt></font>" | |||
start the authenticator app on your smart phone | |||
press the + button to add a new secret | |||
select "QR-Code scan" | |||
scan the QR-code generated by the ''generate_2fa_otp.sh'' command | |||
[[File:TOTP Import Google authenticator.png|thumb|Scan QR-Code to import secret into google authenticator]] | |||
Revision as of 12:06, 15 March 2024
Access
The only way to access the HPE Hawk (frontend/login nodes) from outside HWW net is through ssh.
Information on how to set up ssh can be found on our webserver at Secure Shell (ssh).
The SSH public key fingerprints are:
| Type | Fingerprint |
|---|---|
| ECDSA | SHA256:e9baVVjIcaztKSdn30R0Gk5xrta/WP9scQ1GsLsrWC4 |
| ED25519 | SHA256:832zq3DA5JvYvo39piPXqqt3SA77VjuvF26e8c25d28 |
| RSA | SHA256:4u+wl6y+ylXxZHjDYt35S9aRk7SMx8U8xc4Jp+NYonk |
Usage
There are several frontend/login nodes available, access is available using:
- hawk.hww.hlrs.de
or by seelecting one specific server:
- hawk-login03.hww.hlrs.de
- hawk-login04.hww.hlrs.de
- hawk-login05.hww.hlrs.de
The frontend nodes are intended as single point of access to the entire system. Here you can set your environment, move your data, edit and compile your programs and create batch scripts. If doing so might require an increased number of resources (compiling, creating tarballs of dozens of MBs or more, copying a large amount of data, etc.), please prefix "nice -+19" to the respective command in order to keep the login node responsive for other users! Interactive usage like run your program which leads to a high load is NOT allowed on the frontend/login nodes.
The compute nodes:
- r1?c?t?n?
for running parallel jobs are only available through the Batch system !
Two-factor authentication with TOTP
We are currently preparing the optional protection of ssh access with a two-factor authentication (2FA) based on Time-based One-Time-Password (TOTP). As soon as the TOTP functionality has been set up, we will announce this accordingly. On login nodes, each user can decide for himself whether access should be secured via TOTP. In order to be able to use TOTP, a secret must be created. For this we have provided a tool "generate_2fa_otp.sh". It prints out a secret QR code which needs to be scanned by your cell phone TOTP app or saved into another TOTP-end device like a USB NitroKey. The generated private secret will be activated by the system the following day.
Example setup using Android smart phone with google authenticator
An easy way to configure TOTP using a smart phone is as follows:
install an authenticator app on your smart phone. In this example google authenticator is used. login on Hawk's frontend system. Run the command "generate_2fa_otp.sh" start the authenticator app on your smart phone press the + button to add a new secret select "QR-Code scan" scan the QR-code generated by the generate_2fa_otp.sh command
