Access and Login

Current NICS resources:

For Keeneland login information please refer to the Keeneland System Access page.

Back to Contents

Connection Requirements

In order to provide a secure system, access to Kraken and Nautilus is available via the Secure Shell protocol (SSH). UNIX-based operating systems generally have an SSH client built in, available by typing "ssh user-name@resource.nics.tennessee.edu". Windows users may obtain free clients online, such as PuTTY.

Any SSH client used to log into NICS resources should:

• Support the SSH-2 protocol (supported by all modern SSH clients). Several security vulnerabilities exist in the SSH-1 protocol, therefore, access using a version 1 client is not allowed.
• Allow keyboard-interactive authentication to access NICS systems. For UNIX-based SSH clients, the following line should be in either the default ssh_config file or your  $HOME/.ssh/config file:

   
  PreferredAuthentications keyboard-interactive,password

  The line may also contain other authentication methods, so long as keyboard-interactiveis included.

  For recent versions of SecureCRT or PuTTY, the change can be made through the SSH connection properties menu.

Back to Contents

Connection Procedures

NICS supports secure access using GSISSH (part of the Globus Toolkit) and secure access that requires the use of an RSA One Time Password (OTP) token which generates a one-time password. Secure access using the OTP is required to access HPSS storage.

Back to Contents

One-Time Password (OTP) Authentication

SSH access to the login nodes requires the use of a one time password (OTP) token.  Should you require ssh access or HPSS storage, follow the procedures to obtain an OTP token that are included in the email you receive once you activate your account .  NICS requires the notarized NICS Token Activation form returned to them before activating the OTP.  Once your OTP token has been enabled you will receive an email with instructions to set your Personal Identification Number (PIN).  Setting up your One Time Password

Once you have set your PIN, you may log in using your OTP token to ssh to the system. In the example below, userid would be replaced by your NICS username. Users are prompted for their OTP token by the PASSCODE prompt. The PASSCODE is made up of your PIN, followed by the number displayed on the OTP token (see picture). For example, if your pin is 1234 and the token code is 159759, enter 1234159759.
Note: No characters will appear when entering your PASSCODE

% ssh your_userid@resource.nics.tennessee.edu
Enter PASSCODE: 

Accounts that are not used for a period of three consecutive months are disabled. If you believe your account has been disabled for inactivity please submit a request to help@xsede.org or you may call the helpline directly at 865-241-1504.

Back to Contents

GSISSH Access

NICS supports GSISSH using your XSEDE login and password. GSISSH is part of the Globus Toolkit, and the utility uses proxy certificates to authenticate. GSISSH allows single-sign-on capability to most XSEDE resources, where you have an account, without having to remember multiple usernames and passwords.

If GSI authentication fails, gsissh will default to standard keyboard-interactive authentication (for OTP nodes, it prompts for your passcode). You can find steps for using GSISSH at Using Globus Tools.

userjd@ncsa:~> gsissh  gsissh.kraken.nics.xsede.org

Back to Contents

File System Access

During times of system outage, access to a user's home and project directories is available at login.nics.tennessee.edu. The procedure for this is analogous to the Secure Access procedure. For example:

% ssh userid@login.nics.tennessee.edu
Enter PASSCODE:

Note that this system does not have access to the Lustre file system.

Back to Contents

Connection Options

X11 Forwarding

There are graphical tools you might want to use on NICS resources, which require using X11 forwarding. For example, there are a number of graphical debugging, optimization, as well as visualization tools that you might want to use. For instructions on setting up the X11 forwarding please see Procedures for X11 forwarding page.

Back to Contents

Changing Your Default Shell

You may change your default shell, by logging into the NICS User portal.

Back to Contents

RSA Key Fingerprints

Occasionally, you may receive an error message upon logging in to a system such as the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the OTP host key has just been changed.

This can be a result of normal system maintenance that changes an RSA public key or could be an actual security incident. If these fingerprints do not match what your SSH/secure copy (SCP)/secure file transfer (SFTP) client shows you, do not continue authentication; instead, contact help@xsede.org

Back to Contents

HPSS Archival Storage Access

The HPSS archival storage system may be accessed using HSI. Use of HPSS archival storage resources requires OTP access. Password-free access is provided on the secure-access login nodes (ie if you used the OTP to log in).

Back to Contents

File Transfer Utilities

The SSH-based SCP/SFTP utilities can be used to transfer files to and from NICS systems.

If GridFTP is available at your local site, this is the best way to transfer large files. For more information on data transfers, see the data transfer page.

The URLs for NICS GridFTP servers are:

For information on accessing Keeneland GridFTP servers please refer to the Keeneland System Access page.

Back to Contents