Difference between revisions of "PHASTA Group Machines"
(Created page with "This page documents the local machines owned by the group. == Logging In == The entry point for the group machines is <code>jumpgate</code>, which is access publicly via <co...") |
|||
Line 1: | Line 1: | ||
− | This page documents the local machines owned by the group. | + | This page documents the local machines owned by the group, logging in, and two factor authentication. |
== Logging In == | == Logging In == | ||
Line 13: | Line 13: | ||
where the <code>Password:</code> and <code>Verification code:</code> are prompts for you to enter in your password and 2FA pass code. | where the <code>Password:</code> and <code>Verification code:</code> are prompts for you to enter in your password and 2FA pass code. | ||
− | Very little can/should be done on <code>jumpgate</code> | + | Very little can/should be done on <code>jumpgate</code>. The most common use is to establish a tunnel for a VNC session. The second usage that must be done to set that up is connecting to <code>portal1</code>. This is done via <code>ssh portal1</code> while on <code>jumpgate</code>. |
=== Setting Up Two-Factor Authentication === | === Setting Up Two-Factor Authentication === |
Revision as of 07:02, 8 September 2020
This page documents the local machines owned by the group, logging in, and two factor authentication.
Contents
Logging In
The entry point for the group machines is jumpgate
, which is access publicly via jumpgate-phasta.colorado.edu
. To access the system via command line, simply run ssh USERNAME@jumpgate-phasta.colorado.edu
if running Linux or Mac, or use PuTTY for Windows.
For Linux or Mac terminals, the login process will look like the following:
➜ ssh USERNAME@jumpgate-phasta.colorado.edu Password: Verification code:
where the Password:
and Verification code:
are prompts for you to enter in your password and 2FA pass code.
Very little can/should be done on jumpgate
. The most common use is to establish a tunnel for a VNC session. The second usage that must be done to set that up is connecting to portal1
. This is done via ssh portal1
while on jumpgate
.
Setting Up Two-Factor Authentication
Due to recent brute force ssh attacks we are moving to using two factor authentication (2FA). Existing users will have one week to switch over to this process. New users are expected to do this within 24 hours. This is pretty easy to setup as follows (from a terminal in your mac or linux laptop (and Windows if new enough)) or using PuTTY. All commands to be run are in italics
.
ssh USERNAME@jumpgate-phasta.colorado.edu
This will prompt for your password (the private password you set or, if this is your first login the one in the account creation email).
Next you need to download and install an authenticator application either for your computer or phone. There are several from Google, Microsoft, Twilio, etc. Launch that application on your phone or computer. In whatever mode it uses to create a new token generator, do that (often it opens with a QR code scanner enabled as it knows that is the easiest way to link the phone application to the QR scan created on the machine you are trying to access).
Before moving forward, it is recommended that you start a second terminal connection to jumpgate
by repeating the ssh command above. If at any point you want/need to reset, simply run rm -rf ~/.google_authenticator
in that second ssh session.
In your jumpgate
terminal on your laptop type:
google-authenticator
If your terminal is big enough, it should display a QR code that you can scan with your phone. At this point it will ask you some questions about options (I answered yes to all).
Now open another terminal and log on to jumpgate
with ssh just as we did before. Now, in addition to prompting for your password, it will also prompt for a "Verification code:". In your authenticator app, find the auto-generated 6 digit code and enter it. If you've logged on successfully, then you are done. Otherwise, attempt to troubleshoot or reset the process with the fore mentioned rm
command.
VNC
Most members of the group interact with these machines via a VNC, which provides an GUI interface. Setting up the VNC server is documented on the VNC page.
Machines
jumpgate
This is the machine that allows you to "jump" to the other machines in the local network via ssh
. It is simply the public-facing machine and should only be used as such.
portal1
This is where most of the non-computationally intensive tasks are done, such as text editing, moving files, etc. Effectively, if it takes longer than 5 seconds to run, you should probably think about running it on one of the viz*
nodes.
viz003
This is where most computationally intensive tasks are done. However, they should only be run for debugging or post-processing. Production runs should be run on servers outside of the group's local machines (NAS, ALCF, etc.)
viz002
This is where most computationally intensive tasks are done. However, they should only be run for debugging or post-processing. Production runs should be run on servers outside of the group's local machines (NAS, ALCF, etc.)