Access and Login
Current NICS resources:
|Node type||Kraken XT5||Nautilus|
|Login Node: (OTP )||login.kraken.nics.tennessee.edu||login.nautilus.nics.tennessee.edu|
|Login Node: (OTP )||login.kraken.nics.xsede.org||login.nautilus.nics.xsede.org|
For Keeneland login information please refer to the Keeneland System Access page.
In order to provide a secure system, access to Kraken and Nautilus is available via the Secure Shell protocol (SSH ). UNIX-based operating systems generally have an SSH client built in, available by typing "ssh user-name @resource.nics.tennessee.edu ". Windows users may obtain free clients online, such as PuTTY .
Any SSH client used to log into NICS resources should:
- Support the SSH-2 protocol (supported by all modern SSH clients). Several security vulnerabilities exist in the SSH-1 protocol, therefore, access using a version 1 client is not allowed.
Allow keyboard-interactive authentication to access NICS
systems. For UNIX-based SSH clients, the following line should be in either the default ssh_config
file or your $HOME/.ssh/config
PreferredAuthentications keyboard-interactive,passwordThe line may also contain other authentication methods, so long as keyboard-interactive is included.
For recent versions of SecureCRT or PuTTY, the change can be made through the SSH connection properties menu.
NICS supports secure access using GSISSH (part of the Globus Toolkit) and secure access that requires the use of an RSA One Time Password (OTP) token which generates a one-time password. To obtain an RSA token send an email to email@example.com and include your home address and user name. Tokens are sent by US mail. They are disabled until NICS receives the notarized NICS Token Activation Form. Secure access using the OTP is required to access HPSS storage.
SSH access to the login nodes requires the use of a one time password (OTP) token. Should you require ssh access or HPSS storage, follow the procedures to obtain an OTP token that are included in the email you receive once you activate your account . NICS requires the notarized NICS Token Activation form returned to them before activating the OTP. Once your OTP token has been enabled you will receive an email with instructions to set your Personal Identification Number (PIN). Setting up your One Time Password
Once you have set your PIN, you may log in using your OTP token to ssh to the system. In the example below, userid
would be replaced by your NICS username. Users are prompted for their OTP token by the PASSCODE prompt. The PASSCODE is made up of your PIN, followed by the number displayed on the OTP token (see picture). For example, if your pin is 1234 and the token code is 159759, enter 1234159759.
Note: No characters will appear when entering your PASSCODE
% ssh your_userid @resource .nics.tennessee.edu Enter PASSCODE:
Accounts that are not used for a period of three consecutive months are disabled. If you believe your account has been disabled for inactivity please submit a request to firstname.lastname@example.org
or you may call the helpline directly at 865-241-1504.
NICS supports GSISSH using your XSEDE login and password. GSISSH is part of the Globus Toolkit, and the utility uses proxy certificates to authenticate. GSISSH allows single-sign-on capability to most XSEDE resources, where you have an account, without having to remember multiple usernames and passwords.
If GSI authentication fails, gsissh will default to standard keyboard-interactive authentication (for OTP nodes, it prompts for your passcode). You can find steps for using GSISSH at Using Globus Tools .
userjd@ncsa:~> gsissh gsissh.kraken.nics.xsede.org
During times of system outage, access to a user's home and project directories is available at login.nics.tennessee.edu . The procedure for this is analogous to the Secure Access procedure. For example:
% ssh userid @login .nics.tennessee.edu Enter PASSCODE:
Note that this system does not have access to the Lustre file system.
There are graphical tools you might want to use on NICS resources, which require using X11 forwarding. For example, there are a number of graphical debugging , optimization , as well as visualization tools that you might want to use. For instructions on setting up the X11 forwarding please see Procedures for X11 forwarding page.
You may change your default shell, by logging into the NICS User portal .
Occasionally, you may receive an error message upon logging in to a system such as the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the OTP host key has just been changed.
This can be a result of normal system maintenance that changes an RSA public key or could be an actual security incident. If these fingerprints do not match what your SSH/secure copy (SCP)/secure file transfer (SFTP) client shows you, do not continue authentication; instead, contact email@example.com
The HPSS archival storage system may be accessed using HSI . Use of HPSS archival storage resources requires OTP access. Password-free access is provided on the secure-access login nodes (ie if you used the OTP to log in).
The SSH-based SCP/SFTP utilities can be used to transfer files to and from NICS systems.
The URLs for NICS GridFTP servers are:
For information on accessing Keeneland GridFTP servers please refer to the Keeneland System Access page.