|
Whenever you log into CLAIX (currently restricted to the login node `login18-4`) for the first time in a certain time period – currently several hours – you will be asked to enter _all_ types of identification, i.e., Username/Password, SSH key (if applicable), and Second Factor of choice. After this first login, further logins differ depending on whether or not you have SSH-authentication enabled.
|
|
# Logging Into Nodes Not Secured With Multi-Factor Authentication
|
|
|
|
|
|
|
|
Using most of the high performance compute cluster login nodes (currently all except the login node `login18-4.hpc.itc.rwth-aachen.de`), nothing will change about the established ways of logging in. You will be asked for either your username and password (`ab123456` and associated service password) _or_, if you have a public key file on the file system of the cluster and the corresponding private key file on the system used to access the cluster, for the password to this key pair.
|
|
|
|
|
|
|
|
For now, only opting into the multi-factor authentication pilot phase will change the login flows. To see what this entails, please read on.
|
|
|
|
|
|
|
|
# Logging Into Nodes Secured With Multi-Factor Authentication
|
|
|
|
|
|
|
|
Whenever you log into the high performance compute cluster (currently restricted to the login node `login18-4.hpc.itc.rwth-aachen.de`) for the first time in a certain time period – currently several hours – you will be asked to enter _all_ types of identification, i.e., Username/Password, SSH key (if applicable), and Second Factor of choice. After this first login, further logins differ depending on whether or not you have SSH-authentication enabled.
|
|
|
|
|
|
**Note:** If you are using the `login18-4` node on the cluster, you are _required_ to have an active Second Factor token.
|
|
**Note:** If you are using the `login18-4` node on the cluster, you are _required_ to have an active Second Factor token.
|
|
|
|
|
|
# Using Username/Password
|
|
## Using Username/Password
|
|
|
|
|
|
If you have not [associated an SSH public key with your HPC account](adding an SSH key to your HPC account) or do not have the corresponding private key file on the computer from which you are accessing the HPC servers, all further logins are the same as the first one: you are required to enter both your Unix password (which you can [change in the RegApp](setting the service password)) and your Second Factor of choice (which you can [manage in the RegApp](adding 2FA tokens to your account)) every time you open a new session.
|
|
If you have not [associated an SSH public key with your HPC account](adding an SSH key to your HPC account) or do not have the corresponding private key file on the computer from which you are accessing the HPC servers, all further logins are the same as the first one: you are required to enter both your Unix password (which you can [change in the RegApp](setting the service password)) and your Second Factor of choice (which you can [manage in the RegApp](adding 2FA tokens to your account)) every time you open a new session.
|
|
|
|
|
|
# Using SSH key-pairs
|
|
## Using SSH key-pairs
|
|
|
|
|
|
If you have [associated an SSH public key with your HPC account](adding an SSH key to your HPC account) and have at least one corresponding private key file on the system used to access the HPC cluster, all further logins within this certain time period will _only_ require SSH-authentication. In the case that you are running an `ssh-agent` in the background to manage your private key password, you will be directly authenticated, otherwise, you will be prompted for the password of your private key file when opening a new session.
|
|
If you have [associated an SSH public key with your HPC account](adding an SSH key to your HPC account) and have at least one corresponding private key file on the system used to access the HPC cluster, all further logins within this certain time period will _only_ require SSH-authentication. In the case that you are running an `ssh-agent` in the background to manage your private key password, you will be directly authenticated, otherwise, you will be prompted for the password of your private key file when opening a new session.
|
|
|
|
|
|
**Note:** Access to the cluster requires password and second factor on first connection within a certain time frame. If you use an ssh config file (a file in your `.ssh` folder named `config`; for more info query your preferred search engine or start [here](https://linuxhandbook.com/ssh-config-file/)), make sure that for this domain (e.g., `*.hpc.itc.rwth-aachen.de`) you are **not** using the public key as your preferred authentication method (i.e., do **not** set `PreferredAuthentications publickey` for this domain). Doing so will prevent the password request and thus login. |
|
**Note:** Access to the `login18-4.hpc.itc.rwth-aachen.de` node requires password and second factor on first connection within a certain time frame. If you use an ssh config file (a file in your `.ssh` folder named `config`; for more info query your preferred search engine or start [here](https://linuxhandbook.com/ssh-config-file/)), make sure that for this domain (e.g., `*.hpc.itc.rwth-aachen.de`) you are **not** using the public key as your preferred authentication method (i.e., do **not** set `PreferredAuthentications publickey` for this domain). Doing so will prevent the password request and thus login. |
|
\ No newline at end of file |
|
\ No newline at end of file |