Connecting to MARCC
Users will access MARCC resources by connecting to the login nodes through the secure shell (SSH) protocol.
Connecting to login nodes
Users should use the secure shell (SSH) to log into MARCC, which is included in Linux distributions and Mac OS. For Windows, we recommend using Putty if you want command line only (see following section for GUI).
MARCC uses a “gateway” virtual machine that manages connections to 3 login nodes.
$ ssh -X gateway2.marcc.jhu.edu -l userid Example: ssh -X gateway2.marcc.jhu.edu -l email@example.com An alternative: ssh -X "firstname.lastname@example.org"@gateway2.marcc.jhu.edu
-X flag is used to forward the X11 display (see below) and can be omitted if you plan to use the command line and text-based tools only.
The default shell is bash (including /bin/sh), but also available are dash, tcsh, and ksh.
We have selected the “Google Authenticator” for simplicity. Multi-factor authentication will require a known credential (your marcc password) plus an unknown credential (what the user has, a code provided by a smartphone, for example).
- Download the Google Authenticator app to your smartphone
- Follow directions to install the app.
- Connect to this website https://password.marcc.jhu.edu/?action=qrretrieve
- Scan the QR Code into the Google Authenticator application
- You may have to download another app to scan the barcode (follow instructions)
- Alternatively, you can enter the key displayed just above the QR Code by hand
- Log in using ssh:
ssh gateway2.marcc.jhu.edu -l userid
- Type in the code from the Google Authenticator App when prompted for your “Verification Code:”
- Type in your marcc password when prompted.
- You should be connected.
- If you enter your password incorrectly, you will have to wait for your phone to give you a new code. The code is only good once and cannot be entered multiple times.
- You do not need a Google Account. If you follow these directions, you should be able to add the new entry to Google Authenticator without signing into Google.
Sign in only once per reboot (multiplexing)
To avoid having to authenticate (entering the verification code followed by your password) every time you open an ssh connection or use scp, you can sign in once and use the same connection for all your needs.
On your local Unix-based computer, enter the following text into the file (create it if necessary) ~/.ssh/config
Host gateway2.marcc.jhu.edu ControlMaster auto ControlPath ~/.ssh/control:%h:%p:%r
Then, start the master connection in the background (adding -X if you use X11 forwarding):
ssh -fNM gateway2.marcc.jhu.edu -l email@example.com
Now, every time you ssh or scp into gateway2 it should use the authenticated connection and not ask for any password. The only downside is that simultaneously transferring large files and trying to work on a terminal through the same connection may cause lag in your terminal. To open a new connection without going through the master, use the option
-o ControlMaster=no. To close this background connection:
ssh -O stop gateway2.marcc.jhu.edu
but note that this will close all open connections. You can alternatively choose to run the master connection interactively by omitting the
-fNM argument, in which case closing the master connection in the normal way will close all open connections.
GUI and window manager
In order to use software with a GUI, you will need to use an X11 application. On a Mac, check that you have X11 under Utilities or download XQuartz from the Apple website. On Windows, you can use an application like Cygwin. When connecting with ssh, make sure the -X flag is used to get an X11 connection.
Users can transfer data across the network using secure copy (scp) from within a Linux/Mac/Cygwin terminal. A simple scp command from a terminal would be
$ scp sourcedir/filename.ext [userid]@dtn2.marcc.jhu.edu:/home/[userid]/targetdir/filename.ext
The above command will copy the file filename.ext from the local computer to the user’s home directory in MARCC (replacing any existing file with that name). Note that the order is important: if reversed, the file will be copied from MARCC to the local directory.