Skip to main content

Login to the login node

2FA required since September 2023

In order to improve security, our authentication procedure has been changed to two-factor authentication (2FA). Accessing the login nodes, the portal and the support forum now requires additional verification via authentication app on your mobile phone or hardware token.

Lightweight automation workflows can still be run in the background on the login nodes. For those who are currently running complex workflow automation software on external systems that trigger SLURM via passphrase-less SSH calls, we are working on a solution.

Please have a look at Setup 2-Factor Authentication for further information.

Login Nodes Use

The login nodes are meant for preparing your processing jobs, developing your programs, and as a gateway for transferring data to and from the HPC-cluster. It is allowed to run light-weight automation routines for your job submission and similar workflows on the login nodes. This might be listeners that regularly search for new data and trigger new jobs or watchers that observe and control running jobs. These programs may either constantly run in the background, e.g. using window managers like Screen, or periodically triggered by cron jobs. Please contact us via support if in doubt.

Login Node Misuse

Since the login node resources are shared among many users, you are not allowed to start any long-running or memory-hogging programs on the login nodes. For production and test runs, please use batch/interactive jobs. Violation of the usage restrictions on the login nodes may lead to your account being blocked from further access to the cluster, with your processes being forcibly removed.

Login from UNIX command line via ssh

From the UNIX command line on your own workstation, the login with your user ID is performed via these commands:

ssh <lrz user ID>@login.terrabyte.lrz.de
or
ssh <lrz user ID>@login2.terrabyte.lrz.de

After login, you will be automatically directed to your HOME directory.

Login with an SSH client

Of course you can also configure your preferred SSH client for accessing the login-nodes, for instance:

  • MobaXterm may be a good choice for you if you prefer GUI-based file browsing in addition to the common terminal. In order to set up the connection, choose "Session" > "SSH", enter login.terrabyte.lrz.de or login2.terrabyte.lrz.de into the "Remote host" field, activate "Specify username" and enter your lrz user ID. In the terminal that opens, enter your password as required. The session is now safed in your user sessions folder and can be opened at any time by double-clicking the session entry in the left panel. As we currently have two login Nodes running for redundancy you might want to add both as backup if one is unreachble/ in maintenance

  • PuTTY: In order to establish and permanently safe the session, enter login.terrabyte.lrz.de or enter login2.terrabyte.lrz.de into the "Host Name (or IP address)" field. Under "Connection/Data", enter your lrz user-ID into the field "Auto-login username". Go back to "Session" and enter a name, e.g. "terrabyte". Use "Saved Sessions" > "Save" > "Open" to save the session. You may need to enter your password. The session can now be opened at any time by double-clicking the session entry. As we currently have two login Nodes running for redundancy you might want to add both as backup if one is unreachble/ in maintenance

Login using SSH keys

You may want to use SSH keys for authentication on the login node. This is possible in general, but you must follow some rules:

SSh key rules

  1. If you want to login from outside the cluster via SSH key authentication, never use empty passphrases for keypairs! This is considered a violation of elementary security policies and will lead to a banishment from the cluster.

  2. On the HPC systems, authentication by key pair will only be accepted if one of the following algorithms was used to generate key pairs: ECDSA or ED25519. We only accept the maximum key length of 521 bits (ECDSA only) and highly recommend setting the number of rounds to 100 (ECDSA and ED25519), increasing the effort to crack passwords of stolen keys.

Since the activation of 2FA, password and SSH key login have been separated into different instances of sshd.
To access the login node via SSH key, use login-keyauth.terrabyte.lrz.de:

ssh -i <yourPassPhraseProtectedPrivateKey> <userID>@login-keyauth.terrabyte.lrz.de

For information on how to properly generate and use SSH keypairs on our HPC-clusters, please consult the LRZ documentation, which is generally applicable to the HPDA terrabyte infrastructure as well. In the examples given there, replace <user>@<targetSystem> with <userID>@login.terrabyte.lrz.de.

More advanced SSH-topics

Regarding more advanced topics related to SSH such as port fowarding, VNC server setup and a more detailed overview on SSH itself, we recommend the SSH tutorial by LRZ. It is generally applicable to our system (login nodes may have to be adapted to login.terrabyte.lrz.de or login2.terrabyte.lrz.de).

A practical example for port forwarding on our system is provided here: Jupyter via Port-Forwarding. We also provide an easy to access remote desktop application that connects to the login node via our terrabyte Portal.