High Performance Computing Center North
[Secure Shell Login and File Transfer | Passwordless Login | GSSAPI with ssh and PuTTY clients | First Time Login / Password Change | Forgotten Password ]
To be able to access HPC2N clusters from a remote computer using your HPC2N login name and password, you need to use a secure shell (optionally with GSSAPI for passwordless login). On GNU/Linux, OS X, and other Unix-like operating systems we recommend using OpenSSH's ssh (secure shell) for login and scp (secure copy) for file transfer. The following table shows recommended clients for all major platforms:
|Operating System||Shell Login||File Transfer|
PSFTP (Part of PuTTY. Free)
|OS X||ssh (built-in in Terminal),
|scp (built-in in Terminal),
MobaXterm (Commercial, but basic feature version is free),
FileZilla (only sftp. Free),
MobaXterm (Commercial. The free version has limits to the file transfers)
Documentation can be found on the above sites or by typing man ssh or man scp if you're using a terminal emulator. You can also get more information on our SSH X11 forwarding page. The following example shows connecting to Kebnekaise from your local machine and copying a file (found in your home directory) from Kebnekaise to the /tmp directory on your local machine:
user@localhost:~$ ssh firstname.lastname@example.org user@localhost:~$ scp email@example.com:file /tmp
(Note: If you have just logged in to HPC2N for the first time you must change your password; see below First Time Login / Password Change.)
Also note that the HPC2N and SUPR accounts are separate!
NOTE: SSH Key-Based Authentication does NOT work on any of HPC2N's systems.
However, you can use Kerberos/GSSAPI based authentication to access HPC2N's systems instead. GSSAPI allows you to type your password once when obtaining your Kerberos ticket, and while that ticket is valid you don't have to retype your password.
For the ssh client, enable the following configuration options in $HOME/.ssh/config:
Host *.hpc2n.umu.se GSSAPIAuthentication yes GSSAPIDelegateCredentials yes PreferredAuthentications gssapi-keyx,gssapi-with-mic,password
Note that the Host keyword restricts the subsequent declarations to a specific host or domain (HPC2N). Also note that for the above options to work, the ssh client had to be previously compiled with the configuration option --with-kerberos5. Most major GNU/Linux distributions offer their standard ssh client with this option turned on.
Before running the ssh command make sure you have a valid Kerberos ticket (klist command) or obtain one by running the kinit command.
$ kinit <username>@HPC2N.UMU.SE
On Windows users can use PuTTY. In PuTTY configuration menu Connection –> Auth make sure that both of the Kerberos 5 GSSAPI boxes are checked, to attempt GSSAPI authentication and to allow GSSAPI credential delegation.
The first time you log in to any HPC2N system (see the section above on how to log in using ssh) you must change your password. This is done using the passwd command:
t-mn01 [~]$ passwd
Use a good password that combines letters of different case. Do not use dictionary words. Avoid using the same password that you also use in other places.
It will first ask for your current password. Type in that and press enter. Then type in the new password, enter, and repeat. You have changed the password.
If you forget your password it can be restored using the Password restore service. It requires that you have a SUPR id and that your account at HPC2N is connected to your SUPR id.