How do I connect?

General Overview:

We have three High Performance Computing (HPC) systems on campus. Mio, Mc2 (Energy), and AuN (Golden). This document describes how to log on to these systems, once you have been granted an account. For information about how to get an account see How do you get an account.

After you have logged in please see How do I do a simple build and run to see how to build and run applications.

The only way to access the HPC platforms is by using ssh. Unix and Unix-like operating systems, (OSX, Linux, Unicos...) have ssh built in. If you are using a Windows-based machine then you must use a terminal package that supports ssh, such as puTTY (available from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). We have a description of how to connect using puTTY from a Windows-based machine at: http://geco.mines.edu/ssh.

All of the HPC platforms are behind the campus firewall. The firewall blocks access from off campus. Thus you need to be on campus to get access, or you need to use VPN software discussed at VPN INFORMATION. There is a third method for gaining access discussed below under the section Setting up keys to make your life much easier. This method will allow you access for a fixed period of time without needing to reenter your password; transparently tunneling to AuN and Mc2.

Assuming you are on campus and you are using a machine that supports ssh directly, you can get to Mio by entering the following in a terminal window:

ssh mio.mines.edu

You will be asked for your password. The password required here is your MultiPass password. The session should look like the following with "joeuser" replaced with your username and "imagine" replaced with the name of the machine from which you are connecting.

[joeuser@imagine ~]$ ssh mio.mines.edu
joeuser@mio.mines.edu's password: 
*****************************
** For Mio questions email **
**    hpcinfo@mines.edu    **
*****************************
[joeuser@mio001 ~]$ 

The platforms AuN (golden) and Mc2 (energy) were purchased as a set and are collectively known as BlueM. There is also a machine, BlueM, that acts as the frontend for AuN and Mc2. That is, you must log on to BlueM then log in to either AuN or Mc2. The procedure for logging on to BlueM is identical to getting onto Mio except the name is changed. After you are on BlueM you can enter ssh mc2 or ssh aun to gain access to those machines.

Assuming you are on campus and you are using a machine that supports ssh directly, you can get to BlueM and then AuN by entering the following in a terminal window:

ssh bluem.mines.edu

You will be asked for your password. The password required here is your MultiPass password. The session should look like the following with "joeuser" replaced with your username and "imagine" replaced with the name of the machine from which you are connecting.

[joeuser@imagine ~]$ ssh bluem.mines.edu
joeuser@bluem.mines.edu's password: 
[joeuser@bluem ~]$ ssh aun
 ###################################################################
 ##                                                               ##
 ##                 ** Colorado School of Mines **                ##
 ##                       ** AuN - Golden **                      ##
 ##                                                               ##
 ##             For questions email hpcinfo@mines.edu             ##
 ##                                                               ##
 ##                                                               ##
[joeuser@aun001 ~]$ 

The platforms AuN (golden) and Mc2 (energy) were purchased as a set and are collectively known as BlueM. There is also a machine, BlueM, that acts as the frontend for AuN and Mc2. That is, you must log on to BlueM then log in to either AuN or Mc2. The procedure for logging on to BlueM is identical to getting onto Mio except the name is changed. After you are on BlueM you can enter ssh mc2 or ssh aun to gain access to those machines.

Assuming you are on campus and you are using a machine that supports ssh directly, you can get to BlueM and then Mc2 by entering the following in a terminal window:

ssh bluem.mines.edu

You will be asked for your password. The password required here is your MultiPass password. The session should look like the following with "joeuser" replaced with your username and "imagine" replaced with the name of the machine from which you are connecting.

[joeuser@imagine ~]$ ssh bluem.mines.edu
joeuser@bluem.mines.edu's password: 
[joeuser@bluem ~]$ ssh mc2
 ###################################################################
 ##                                                               ##
 ##                 ** Colorado School of Mines **                ##
 ##                        ** BlueGene/Q **                       ##
 ##                       ** Mc2 - Energy **                      ##
 ##                                                               ##
 ##             For questions email hpcinfo@mines.edu             ##
 ##                                                               ##
 ##                                                               ##
[joeuser@mc2 ~]$ 

Setting up keys to make your life much easier:

Using a procedure called ssh tunneling it is possible to appear that you are directly connecting to AuN or Mc2. It will look like you are bypassing BlueM. This can work from both on campus and off. Also, the procedure discussed below will allow you to log in only entering a passphrase every 8 hours. This will also work for Mio.

The following is a quick guide for setting up keys and tunnels to access bluem.mines.edu, aun.mines.edu, and mc2.mines.edu from an on campus Linux box or OSX (Mac) machine. The commands you will enter are shown in red. The procedure for setting up off campus access via tunneling is similar but the configuration file is different and there is an extra step. This is documented below. Note: Non-CSM people are not allowed to tunnel into campus and must use VPN. After VPN is set up off campus users can use the procedure outlined for on campus usage.

The same procedures work for getting to Mio from both on campus and off campus.

For Windows users, information on setting up PuTTY and tunneling with PuTTY can be found at
http://geco.mines.edu/ssh/
and
http://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty

Setting up access from an on campus Linux or OSX box:

Generate your key pair (do not use an empty passphrase):

osage:~ joeuser$ ssh-keygen -f $HOME/.ssh/forbluem -tdsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/joeuser/.ssh/forbluem.
Your public key has been saved in /Users/joeuser/.ssh/forbluem.pub.
The key fingerprint is:
67:60:3c:5e:42:64:23:c5:79:70:62:d1:da:74:97:45 joeuser@osage.mines.edu
The key's randomart image is:
+--[ DSA 1024]----+
|      .+@=.    +E|
|       *o++ . o  |
|        *=.. .   |
|       o.=.      |
|        S o      |
|         o       |
|                 |
|                 |
|                 |
+-----------------+
osage:~ joeuser$ 

Copy the public key to BlueM:

osage:.ssh joeuser$ cat ~/.ssh/forbluem.pub | ssh bluem.mines.edu "cat >> ~/.ssh/authorized_keys"

Copy the public key to Mio:

If you have an account on Mio then you will want to copy your new key there also, allowing you to log in using the same key.

osage:.ssh joeuser$ cat ~/.ssh/forbluem.pub | ssh mio.mines.edu "cat >> ~/.ssh/authorized_keys"

Add the following lines to your ~/.ssh/config file. Create one if it does not exist:

#Next 4 lines are optional if you don't do X-Windows
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
XAuthLocation /opt/X11/bin/xauth
PubkeyAcceptedKeyTypes=+ssh-dss
AddKeysToAgent yes 

Host bluem
HostName 138.67.132.239
Identityfile2 ~/.ssh/forbluem

Host bluem.mines.edu
HostName 138.67.132.239
Identityfile2 ~/.ssh/forbluem

Host mio,mio.mines.edu
HostName 138.67.132.244
Identityfile2 ~/.ssh/forbluem


Host golden
ProxyCommand ssh bluem.mines.edu nc 2>/dev/null aun.mines.edu %p


Host energy
ProxyCommand ssh bluem.mines.edu nc 2>/dev/null mc2.mines.edu %p

Set the permissions on your config file:

chmod 600 ~/.ssh/config

Run the following to set an 8-hour limit on your key:

ssh-add -t 28800 ~/.ssh/forbluem

Log in to BlueM using ssh:

ssh bluem

This time you should not need to enter a password. This login ensures that some system level setup is done before you try to log in to AuN or Mc2. After this login you can log out.

You should now be able to run the commands from your desktop machine:

ssh golden

ssh energy

and be logged on directly to AuN and Mc2. If you are asked for a password by either of these machines, log back in to BlueM and run the following command. This copies your new keys to the the shared file system so they can be seen by AuN and Mc2.

/opt/utility/appendkeys

Optional: add the following to your .bashrc file:

alias keys='ssh-add -t 28800 ~/.ssh/forbluem'
alias killkeys='ssh-add -D'

This adds the commands to your environment to enable and disable your keys.


Setting up access from an on off campus Linux or OSX box:

Generate your key pair (do not use an empty passphrase):

petra:~ joeuser$ ssh-keygen -f $HOME/.ssh/forbluem -tdsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/joeuser/.ssh/forbluem.
Your public key has been saved in /Users/joeuser/.ssh/forbluem.pub.
The key fingerprint is:
67:60:3c:5e:42:64:23:c5:79:70:62:d1:da:74:97:45 joeuser@osage.mines.edu
The key's randomart image is:
+--[ DSA 1024]----+
|      .+@=.    +E|
|       *o++ . o  |
|        *=.. .   |
|       o.=.      |
|        S o      |
|         o       |
|                 |
|                 |
|                 |
+-----------------+
petra:~ joeuser$ 

Copy the public key to Imagine:

petra:.ssh joeuser$ cat ~/.ssh/forbluem.pub | ssh imagine.mines.edu "cat >> ~/.ssh/authorized_keys"

Add the following lines to your ~/.ssh/config file. Create one if it does not exist:

If you have a different username on your external box than you have on CSM machines follow the directions below but use this for your config file.

#Next 4 lines are optional if you don't do X-Windows
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
XAuthLocation /opt/X11/bin/xauth
PubkeyAcceptedKeyTypes=+ssh-dss
AddKeysToAgent yes 

Host imagine
HostName 138.67.132.196
Identityfile2 ~/.ssh/forbluem

Host imagine.mines.edu
HostName 138.67.132.196
Identityfile2 ~/.ssh/forbluem


Host step1
Hostname imagine.mines.edu
Identityfile2 ~/.ssh/forbluem

Host step2
ProxyCommand ssh step1 nc 2>/dev/null bluem.mines.edu %p

Host golden
ProxyCommand ssh step2 nc 2>/dev/null aun.mines.edu %p

Host energy
ProxyCommand ssh step2 nc 2>/dev/null mc2.mines.edu %p

Host bluem
ProxyCommand ssh step1 nc 2>/dev/null bluem.mines.edu %p

Host mio
ProxyCommand ssh step1 nc 2>/dev/null mio.mines.edu %p

To get this config template run the following command on your local machine


curl http://geco.mines.edu/prototype/How_do_I_connect/config_template -o config_template

Set the permissions on your config file:

chmod 600 ~/.ssh/config

Run the following to set an 8-hour limit on your key:

ssh-add -t 28800 ~/.ssh/forbluem

This command should be run as needed to renew your key. You will enter the passphrase that you used to set up the key:

Log in to Imagine using ssh:

ssh imagine

Run the following command to copy your new key to BlueM. You will need to enter your password:

[joeuser@imagine ~]$tail -1 ~/.ssh/authorized_keys | ssh bluem.mines.edu "cat >> ~/.ssh/authorized_keys"

Then run the following to copy your key from BlueM to Aun and Mc2:

[joeuser@imagine ~]$ssh bluem /opt/utility/appendkeys

You should now be able to run the commands from your desktop machine:

ssh golden

ssh energy

and be logged on directly to AuN and Mc2.

Optional: add the following to your .bashrc file:

alias keys='ssh-add -t 28800 ~/.ssh/forbluem'
alias killkeys='ssh-add -D'

This adds the commands to your environment to enable and disable your keys.


Alternate config file for different usernames on external machines:

Finally, if you have a different user name on your external box than you have on BlueM you will need to add your CSM username to the config file as shown below. Replace joeuser with your username on Mio/BlueM/Mc2/AuN:

#Next 4 lines are optional if you don't do X-Windows
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
XAuthLocation /opt/X11/bin/xauth
PubkeyAcceptedKeyTypes=+ssh-dss
AddKeysToAgent yes 

Host imagine
HostName 138.67.132.196
User joeuser
Identityfile2 ~/.ssh/forbluem

Host imagine.mines.edu
HostName 138.67.132.196
User joeuser
Identityfile2 ~/.ssh/forbluem

Host step1
Hostname imagine.mines.edu
User joeuser
Identityfile2 ~/.ssh/forbluem

Host step2
User joeuser
ProxyCommand ssh joeuser@step1 nc 2>/dev/null bluem.mines.edu %p
Identityfile2 ~/.ssh/forbluem

Host golden
User joeuser
ProxyCommand ssh joeuser@step2 nc 2>/dev/null aun.mines.edu %p
Identityfile2 ~/.ssh/forbluem

Host energy
User joeuser
ProxyCommand ssh joeuser@step2 nc 2>/dev/null mc2.mines.edu %p
Identityfile2 ~/.ssh/forbluem

Host bluem
User joeuser
ProxyCommand ssh joeuser@step1 nc 2>/dev/null bluem.mines.edu %p
Identityfile2 ~/.ssh/forbluem

Host mio
User joeuser
ProxyCommand ssh joeuser@step1 nc 2>/dev/null mio.mines.edu %p
Identityfile2 ~/.ssh/forbluem

To get this config template run the following command on your local machine


curl http://geco.mines.edu/prototype/How_do_I_connect/config_long_template -o config_long_template

Summary

Below we have a summary of the commands that are run to set up access from off campus to imagine, mio, bluem, AuN and Mc2. This procedure has been tested on CentOS, Mac, and Ubuntu. If you do not have accounts on Mio or BlueM/AuN/Mc2 your can skip those steps. These commands assume that you have a different user name on the remote machine but they will work even if you have the same user name. A video of the setup using these commands is available.

# Make a .ssh directory under your home directory if it does not exist
mkdir .ssh

# Go to your .ssh directory
cd .ssh

# Create a copy of your config file if it exists
cp config config.backup

# Get the new config template
curl http://geco.mines.edu/prototype/How_do_I_connect/config_long_template -o config_long_template

# Change the user name in the config template to your user name on Mines machines. 
# The command sed will do this or you can use your favorite editor. 
sed -i_b  -e "s/joeuser/Your_User_Name/" config_long_template

# Copy the config template to config
cp config_long_template config

# Generate the key pair
ssh-keygen -f $HOME/.ssh/forbluem -tdsa

# Change the protection on all files
chmod 600 *

# Set a time for allowing password less login 
# This will ask for your pass phrase.
# On Ubuntu this command is a bit flaky.  I was
# asked again pass phrase when I logged into Mio
ssh-add -t 28800 ~/.ssh/forbluem

# Copy the public key to imagine
cat ~/.ssh/forbluem.pub | ssh imagine "cat >> ~/.ssh/authorized_keys"

# Copy the public key to mio
cat ~/.ssh/forbluem.pub | ssh mio     "cat >> ~/.ssh/authorized_keys"

# Copy the public key to bluem
cat ~/.ssh/forbluem.pub | ssh bluem   "cat >> ~/.ssh/authorized_keys"

# Copy the public key to AuN and Mc2 using the appendkeys utility
ssh bluem /opt/utility/appendkeys

# Test it out
ssh golden
ssh energy
ssh mio