Login to ALICE from Linux
From ALICE Documentation
Login to ALICE from Linux
SSH Gateway and login nodes
ALICE has its own ssh gateway which you have to go through first. You can only use to tunnel through to the actual login nodes. The gateway is named:
Important: For security reasons, the gateway allows only three consecutive login attempts from the current IP. If you enter the wrong login credentials three times, the IP that you used to connect to the gateway will be blocked for one hour. You will have to wait until the hour has passed before you can try to login again. If you do not remember your password, please contact the ALICE Helpdesk.
The login nodes are named:
login1.alice.universiteitleiden.nl (10.161.0.12) login2.alice.universiteitleiden.nl (10.162.0.13)
Setup ssh connection
Here, we describe how you can configure your ssh connection to connect to ALICE in the easiest possible way. We will use a feature called
ProxyJump in OpenSSH which is available in OpenSSH versions 7.3 and higher. If you have an older version of OpenSSH please have a look at SSH tunneling for older versions of OpenSSH. You can find out the version of OpenSSH by typing
ssh -V in your terminal.
In your Linux system open ~/.ssh/config in your favourite text editor (or create the file if it does not exist). Then add for instance
Host hpc1 HostName login1.alice.universiteitleiden.nl User <USERNAME> ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22 ServerAliveInterval 60 Host hpc2 HostName login2.alice.universiteitleiden.nl User <USERNAME> ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22 ServerAliveInterval 60
(Replace <USERNAME> by your own ULCN account name.)
Add monitoring tools
If you want to look at the monitoring tools that are running on the management node too, you could add additional tunnelling commands to the config for a specific host. Do not add tunnels to all definitions as they may produce conflicts when you use the same tunnel twice. So add the tunnel commands, for instance, to one host like:
Host hpc1tunnel HostName login1.alice.universiteitleiden.nl User <USERNAME> ProxyJump <USERNAME>@ssh-gw.alice.universiteitleiden.nl:22 ServerAliveInterval 60 LocalForward 8081 management.alice.universiteitleiden.nl:8081 LocalForward 8080 management.alice.universiteitleiden.nl:443
SSH tunneling for older versions of OpenSSH
Alternatively, if your OpenSSH server isn't that recent (version 7.2 or earlier) and doesn't recognize the ProxyJump alias, try this:
Host hpc1 HostName login1.alice.universiteitleiden.nl User <USERNAME> ProxyCommand ssh -X <USERNAME>@ssh-gw.alice.universiteitleiden.nl -W %h:%p
Adding X11 fowarding
You can even set your ssh connection to automatic X11 forwarding by adding the following setting:
Direct login to login nodes
If you completed the above steps you should be able to login to one of the login nodes by simply typing this:
You will be asked to provide your ALICE user password twice (not your ULCN or LUMC password), once for the ssh gateway and once of the login node. If you do this for the first time, you will also be asked to confirm the identity of the ssh gateway and the login node.
Password-less login using SSH keys
If you do not wish to enter you password everytime you login you can use ssh keys. If you have not yet used ssh keys before, please have a look at this page: Public key authentication from Linux
If you have an ssh key, you need to deposite it first on the ssh gateway and then on the login node. You can use
ssh-copy-id to copy your public key from your local machine to the ssh gateway, e.g.,
ssh-copy-id -i ~/.ssh/id_rsa.pub <USERNAME>@ssh-gw.alice.universiteitleiden.nl
(use your ALICE password for this). This will put your public key in ~/.ssh/authorized_keys on the ssh gateway. Then login to the ssh gateway (
ssh <USERNAME>@ssh-gw.alice.universiteitleiden.nl) to test it. If it works log out again and use ssh-copy-id to deposite the key on a login node using the ssh tunnel defined above.
ssh-copy-id -i ~/.ssh/id_rsa.pub hpc1
This will put your public key in
~/.ssh/authorized_keys in your HOME directory on the login node. Verify that this step has worked by logging in to the login node (
ssh hpc1). It is sufficient to do this for only one login node. You will also be able to login to the other login node without entering your password now.
If all was setup correctly, you should be logged in to one of the login nodes without typing your password.
Accessing monitoring tools
Having set up the ssh tunneling required to access the monitoring tools on the cluster you are now able to access port 443 (general secure web server on the management node) and port 8081 (specific port in use by the Bright Cluster Manager monitoring tools).
So in a browser, you could type:
to gain access to the management main web server, or you could type:
to gain access to the Bright Cluster Manager User Portal.