Users will access MARCC resources by connecting to the login nodes through the secure shell (SSH) protocol.

Connecting to login nodes

Users should use the secure shell (SSH) to log into MARCC, which is generally included in Linux distributions and MAC OS. For Windows, we recommend using Putty if you want command line only (see following section for GUI).

MARCC uses a “gateway” virtual machine that manages connections to two login nodes.

$ ssh -X gateway2.marcc.jhu.edu -l userid

Example: ssh -X gateway2.marcc.jhu.edu -l johndoe@jhu.edu

An alternative:

ssh -X "johndoe@jhu.edu"@gateway2.marcc.jhu.edu

The -X flag is used to forward the X11 display (see below) and can be omitted if you plan to use command line and text based tools only.

The default shell is bash (including /bin/sh), but also available are dash, tcsh, and ksh.

Multi-factor authentication

We have selected the “Google authenticator” for simplicity. Multi-factor authentication will require a known credential  (your marcc password) plus an unknown credential (what the user has, a code provided by a smartphone, for example).

Steps:

  1. Download the Google authenticator app to your smart phone
  2. Follow directions to install the app.
  3. Connect to this web site https://password.marcc.jhu.edu/?action=qrretrieve
  4. Scan the QR Code into the Google Authenticator application
    • You may have to download another app to scan the bar code (follow instructions)
    • Alternatively you can enter the key displayed just above the QR Code by hand
  5. Log in using ssh:
    ssh gateway2.marcc.jhu.edu -l userid
  6. Type in the code from the Google Authenticator App when prompted for your “Verification Code:”
  7. Type in your your marcc password when prompted.
  8. You should be connected.

Notes:

  • If you enter your password incorrectly, you will have to wait for your phone to give you a new code. The code is only good once and cannot be entered multiple times.
  • You do not need a Google Account. If you follow these directions, you should be able to add the new entry to Google Authenticator without signing into Google.

Sign in only once per reboot (multiplexing)

To avoid having to authenticate (entering the verification code followed by your password) every time you open a an ssh connection or use scp, you can sign in once and use the same connection for all your needs.

On your local Unix-based computer, enter the following text into the file (create it if necessary) ~/.ssh/config

Host gateway2.marcc.jhu.edu
ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r

Then, start the master connection in the background (adding -X if you use X11 forwarding):

ssh -fNM gateway2.marcc.jhu.edu -l userid@jhu.edu

Now, every time you ssh or scp into gateway2 it should use the authenticated connection and not ask for any password. The only downside is that simultaneously transferring large files and trying to work on a terminal through the same connection may cause lag in your terminal. To open a new connection without going through the master, use the option -o ControlMaster=no. To close this background connection:

ssh -O stop gateway2.marcc.jhu.edu

but note that this will close all open connections. You can alternatively choose to run the master connection interactively by omitting the -fNM argument, in which case closing the master connection in the normal way will close all open connections.

To set up a multiplexed connection on Windows, use Plink with PuTTY.

GUI and window manager

In order to use software with a GUI, you will need to use and X11 application. x11-displayOn a Mac, check that you have X11 under Utilities or download XQuartz from the Apple web site. On Windows, you can use an application like Cygwin. When connecting with ssh, make sure the -X flag is used to get an X11 connection.

Transferring data

Users can transfer data across the network using secure copy (scp) from within a Linux/Mac/Cygwin terminal. A simple scp command from a terminal would be

$ scp sourcedir/filename.ext [userid]@dtn2.marcc.jhu.edu:/home/[userid]/targetdir/filename.ext

The above command will copy the file filename.ext from the local computer to the user’s home directory in MARCC (replacing any existing file with that name). Note that the order is important: if reversed, the file will be copied from MARCC to the local directory.