start:mogon_cluster:access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
start:mogon_cluster:access [2020/07/10 12:15]
jrutte02
start:mogon_cluster:access [2021/03/18 14:14] (current)
jrutte02 [Access]
Line 1: Line 1:
-==== Account ====+====== Accessing MOGON ====== 
  
-<grid> 
-<col lg="9" md="9" sm="9" xs="9"> 
-<alert type="danger" dismiss="true" icon="fa fa-warning">**Warning!** Due to changed settings on MOGON as a result of the security incident, this article may need to be revised. 
-</alert> 
-</col> 
-</grid> 
  
 Essentially only accounts of the Johannes Gutenberg University can get access. Essentially only accounts of the Johannes Gutenberg University can get access.
Line 14: Line 9:
 </callout> </callout>
  
-==== Access ====+===== Access =====
  
-Since the MOGON clusters are Linux-based systems, remote access is granted via SSH.+<callout type="tip" title="Remote Access" icon="true"> 
 +Since the MOGON clusters are Linux-based systems, remote access is granted via ''SSH''
 +</callout> 
 +To access MOGON refer to these instructions: 
 +**[[:start:mogon_cluster:access_from_outside_unix|access MOGON using Linux/macOS]] / [[:start:mogon_cluster:access_from_outside_windows|access MOGON using Windows]]**. The latter link contains information for accessing MOGON with ''PuTTY'', ''MobaXterm'' and ''PowerShell''.
  
-The MOGON login nodes are accessible only from the university networkTo access MOGON from the outside (e.gfrom home) you have to use VPN please refer to these instructions: \\ +The login nodes of **MOGON II** are ''miil01.zdv.uni-mainz.de'' to ''miil03.zdv.uni-mainz.de''
-**[[:start:mogon_cluster:access_from_outside_unix|(Outside) access using Unix]] / [[:start:mogon_cluster:access_from_outside_windows|(Outside) access using Windows]]**The latter link also contains information for internal access with Windows.+
  
-Login to the login-nodes is mediated by a jump node: Access is done with direct login (ssh) to "''mogon''". This name implements a 'Round-Robin-DNS' login to both login nodes of MOGON I, mil01.zdv.uni-mainz.de and mil02.zdv.uni-mainz.de. If for some reason you want to login to a specific login node, you can use this names directly. (or if for some other Reason one of the nodes is broken, and the dns always gives you the wrong, broken one to connect to) 
  
-The login nodes of **MOGON II** are ''miil01.zdv.uni-mainz.de'' to ''miil03.zdv.uni-mainz.de''. Projects on MOGON I do not have access to MOGON II automatically. You have to apply for MOGON I and MOGON II separately. Only password-less login is available. You **need to have your ssh-key((A neat overview on ssh-keys and how to generate and copy them can be found [[https://www.ssh.com/ssh/copy-id|here]].))** on MOGON I to be able to log in to MOGON II+<grid> 
 +<col lg="6" md="6" sm="6" xs="12"> 
 +<callout type="danger" title="Login" icon="true"> 
 +Only password-less login is available. 
 +</callout> 
 +</col> 
 +<col lg="6" md="6" sm="6" xs="12"> 
 +<callout type="warning" icon="true" title="SSH-Key"> 
 +You **need to have your SSH-Key** uploaded on [[https://account.uni-mainz.de/sshkey|account.uni-mainz.de/sshkey]] to be able to log in to MOGON((A neat overview on ssh-keys and how to generate and copy them can be found [[https://www.ssh.com/ssh/copy-id|here]]. Or you can follow our [[start:mogon_cluster:access#how_to_set_up_ssh-keys_for_mogon|guideline]])).
  
-The **accelerators (GPUs) of MOGON II reside within MOGON I** infrastructure that is to say you have to login to MOGON I but use your MOGON II account (-A m2_*) to have access to those accelerators.+Your SSH-Key is automatically added to the MOGON cluster. Would You Like To Know More? Read this [[start:mogon_cluster:basic_authentication#add_ssh-key_to_mogon|Article]]! 
 +</callout> 
 +</col>
  
-<callout type="warning" icon="true"> +</grid>
-You **need to have your ssh-key** on MOGON I to be able to log in to MOGON II. (RSA authentication)! +
  
-Your home directory is on the same file system on both clustersIn order to access MOGON II, you need to copy your ssh-key once to your home directory on MOGON I (''~/.ssh'').+ 
 +=== MOGON Service Nodes Overiew === 
 +<datatable info="false" paging="false" searching="false"> 
 +^ Service Node ^ FQDN ^ Description^ Fingerprint ^ 
 +| ''login21'' | ''miil01.zdv.uni-mainz.de'' | Login Node | MD5:''a6:a1:d2:13:df:2b:59:91:2f:e1:a5:50:1c:f1:b0:b4'' \\ SHA256:''eu8N17/EHw0pwvUVT6Htm7yek54t8s8QdRN+A92sjek''   | 
 +| ''login22'' | ''miil02.zdv.uni-mainz.de'' | Login Node | MD5:''3d:90:0e:fa:ce:b1:db:6d:22:ff:6c:94:d0:fe:2d:34'' \\ SHA256:''WcJllAYU8qNcm31WLeg892JHbuczesfWVM5bTmtaisA''
 +| ''login23'' | ''miil03.zdv.uni-mainz.de'' | Login Node | MD5:''dc:e7:9f:c9:3b:13:cc:3a:65:ce:15:5d:8d:b1:9b:71'' \\ SHA256:''v5wiJI/jBTqpYF/g07VMH7WVesbVaovYTcT/MpgcWhc''
 +| ''hpcgate'' | ''hpcgate.zdv.uni-mainz.de'' | Jump Host | MD5:''63:67:65:76:5f:ad:fb:20:f2:68:92:cf:d5:49:2c:dc'' \\ SHA256:''CNbkj04hEuJ9IwgGkTBXbF1WtE/Nb46kPVSejKUGfRU''
 +</datatable> 
 +<callout type="info" icon="true" title="Service-Node FQDN"> 
 +If you access MOGON Service-Nodes through the ''HPCGATE'' you can omit ''zdv.uni-mainz.de'', e.g.: for ''login21'' ''miil01'' is sufficient.
 </callout> </callout>
  
 +===== How to set up SSH-Keys for MOGON =====
 +
 +SSH-Keys for MOGON require certain information in the comment of the SSH-Key that describes the purpose of the Key. The information is catched by a script and ensures that you can access MOGON correctly.
 +
 +<callout type="tip" icon="true" title="MOGON SSH-Key comment additions">
 +Make sure you add the following strings to your SSH-Key as part of your comment, to specify the purpose:\\
 +
 +^ Purpose ^ Comment String related to MOGON Access ^
 +| Using the jump host ''hpcgate'' | ''HPCGATE'' |
 +| Log in to MOGON service nodes | ''HPCLOGIN'' |
 +</callout>
 +
 +==== Generating a new SSH-Key using Linux or macOS ====
 +In case you not yet have an SSH-Key pair on your computer, you can use the following command to create a new pair:
 +
 +<code bash>ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"</code>
 +
 +This generates a new private/public ''RSA'' key pair with ''4096 bit'' key size. \\ {{fa>hand-o-right?fw}} Please note: The part ''-C "HPCGATE,HPCLOGIN"'' creates the mandatory comment, which can be pasted into the web form. {{fa>hand-o-left?fw}} \\ Then ''ssh-keygen'' asks for a name for the key. 
 +
 +<code>Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] </code>
 +
 +After that you have to specify a passphrase - {{fa>warning?fw}} **use a passphrase!** {{fa>warning?fw}}. An empty passphrase is a serious security concern. 
 +
 +<code bash>Enter passphrase (empty for no passphrase): [Type a passphrase]
 +Enter same passphrase again: [Type passphrase again] </code>
 +
 +In this case you deviate from the default names and you ought make your ''ssh-agent'' aware of it:
 +<code bash>
 +ssh-add ~/Path/To/Your/PrivateKey
 +</code>
 +
 +=== Modify existing SSH-Keys ===
 +If you already have an SSH-Key pair, you can change the comment as follows, for example to add the ''HPCGATE,HPCLOGIN'' string if you have forgotten to append it:
 +
 +<code bash> 
 +ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey
 +</code>
 +
 +
 +
 +
 +
 +
 +==== Generating a new SSH-Key using Windows ====
 +
 +<callout type="tip" icon="true" title="Set up SSH-Keys for MOGON using Windows"> We have created an article for you <button type="info" icon="fa fa-key" size="xs">[[start:mogon_cluster:access_from_outside_windows:creating_sshkeys_on_windows|here]]</button> that explains various ways to create new SSH-Keys using Windows, including ''PuTTY'', ''MobaXterm'' and ''PowerShell''. </callout>
  
  
  • start/mogon_cluster/access.1594376116.txt.gz
  • Last modified: 2020/07/10 12:15
  • by jrutte02