DUO Two-factor Authentication
Before gaining access to any of the RCI systems, each user will need to be enrolled with a Duo Security account. Duo is a two-factor authentication mechanism that provides ultimate protection against targeted attacks. Duo provides several different methods of authentication, including: Duo Push, Duo Mobile Passcodes, SMS Passcodes, Phone Callback, Hardware Tokens. The easiest and most streamlined method for users is the Duo Push service, which provides one click authentication from a user’s smart phone device. More information on Duo Push can be found at Duo Security’s Website.
A Duo Security account will be created when an HPC account is created. Expect an email from “Duo Security” and make sure to check SPAM folders. For the Duo Push App, simply go to your app stores to find the application. The Duo Push app is available on most mobile platforms (iPhone, Android, Blackberry and Windows Phone 7).
Accessing Login Nodes
Each High Performance Computing System has a login node (or nodes) to provide access to the systems. To access a login node, you must have a Duo account, as described above, and an SSH client.
From Linux/MacOSX/UNIX (or from within the Cygwin environment in Windows) do the following to connect:
ssh -p 222 <username>@servername.sc.edu
Usernames and passwords are assigned when your account is created.
When assigned an account on a system, replace “servername” with the appropriate server hostname. Available systems are listed below:
All systems use SSH on port 222.
Note that you may need to add the -X option to the above ssh command in order to enable transparent forwarding of X applications to your local screen (this assumes that you have an X server running on your local machine). The OpenSSH version of ssh sometimes requires that you use -Y instead of -X (try -Y if applications don’t appear or die with errors). These options to ssh direct the X communication through an encrypted tunnel.
You can change your initial password using the command passwd on a login node.
- At least 8 characters
- Mixture of upper and lower case letters
- At least one digit and at least one non-alphanumeric character
- Do not use dictionary words
More on login nodes
A login node is connected to the external network and to the private cluster network, but does not run jobs itself. It is intended for:
- compiling code
- developing applications
- submitting applications to the cluster for execution
- monitoring running applications
- post-processing and managing data.
DO NOT RUN JOBS ON HEADNODES. Multiple offenses will result in account suspension.