Accessing NSC compute resources

Most NSC compute resources/systems are traditional HPC clusters where users login to a login node (“head node”) to submit batch jobs or use the system interactively.

The first thing you need is a login account. See Getting Access for more information.

When you have requested a login account and received the password setting email (for most clusters) or an email with an initial temporary password (for some older clusters), you should follow the instructions you received as soon as possible, to set your real password. There is a seven day limit in either case. If you miss this deadline, contact NSC Support to receive a new email.

Some NSC clusters use two-factor authentication (“2FA”). For accounts on those clusters, you will also be asked to register the account in your TOTP app. See this page for details.

The login node name is usually named after the cluster (e.g tetralith.nsc.liu.se for the Tetralith cluster).

You can find the correct login node host name and SSH key fingerprints (used when you login for the first time, see below) for most NSC clusters here:

SHA256:FRp4QgKKiBd2kf7cHQb+9SZ4sY3e7nirDY+05iQRWBo tetralith.nsc.liu.se (RSA)
SHA256:dwFmOFzy59e+OdZmMLAW3fj+GeMGACYwjPgc7LKZgSU tetralith.nsc.liu.se (ECDSA)
SHA256:jpV1uznj81W+4sVOEe5l6rJocIRrUVKc8+hKECIKcVY tetralith.nsc.liu.se (ED25519)

SHA256:xH1Cdn7XknkZmALFiVviFn+fuLYUTjvYYetMDHsUSWk sigma.nsc.liu.se (RSA)
SHA256:n/qC19CJCQINPYrAMjw1Z35YpdnWUQt3/5oUVTjlNWc sigma.nsc.liu.se (ECDSA)
SHA256:QPHiQqJNsgfhZ7LtZWZ5bhtRRs1weuOzyPqp2PvIhAE sigma.nsc.liu.se (ED25519)

SHA256:HqWb5r3mCuysWbF5l0WJOOrqlfn8eEgui/NBTmL7d5E nebula.nsc.liu.se (ECDSA)
SHA256:2sxBy0qtGZgJodlf17KpN3coWDvYxwUBY24HeioPd7Y nebula.nsc.liu.se (ED25519)
SHA256:ZfBdfb28c7dq70oJanhnQWyYUn40IZabvcIfHvj27nU nebula.nsc.liu.se (RSA)

SHA256:G2B8o2P9Jo7+MJ5t4So94DwLika5zvsPjfyfBJ8ChWA freja.nsc.liu.se (RSA)
SHA256:XslB8odpxV3GN7Grmzd5YpY3A/QYYpO9TxD/3mEJdT4 freja.nsc.liu.se (ECDSA)
SHA256:8IN724PEgZPjMN6VYGl5xbyRw1GewUSkwWzE5QW4RdM freja.nsc.liu.se (ED25519

Note: the Thinlinc client will display the SSH key fingerprint in a different format. You will find the correct fingerprints in that format on the Thinlinc page

You can also find these (and more information about getting started) here: Tetralith, Sigma, Nebula, Freja, Cirrus, Stratus

All clusters support SSH logins, and file transfers using any method (e.g sftp, WinSCP) that uses SSH or SFTP.

You can use any SSH client that supports the SSH protocol version 2 (all modern SSH clients should be able to, e.g OpenSSH and PuTTY).

Tetralith, Sigma and Freja also have remote desktop software (ThinLinc) installed, which allows you to run graphical applications with comparable responsiveness as if they ran on your own computer. See the Running Graphical Applications page for more information.

Security

Please read this guide on security on NSC systems, it will show you how to keep your account and the rest of the system secure, and also how to use SSH logins as efficiently as possible (e.g not having to type your password all the time).

Logging in for the first time (Tetralith, Sigma, Freja, Nebula)

For these clusters you will have chosen your password using a link you receive in an email before your first login to the cluster.

When you use SSH or Thinlinc to connect to the cluster for the first time you will usually be asked by your SSH client if the SSH key fingerprint is correct. The SSH key fingerprint is a way for you to verify that the computer you are connecting to is really the one you expected, and not a compromised system trying to steal your credentials.

If the SSH key fingerprint does not match, do NOT enter your password, close your SSH client instead. Then make sure you are using the correct host name1. If you are using the correct host name and still get the wrong SSH key fingerprint, do not enter your password and contact NSC Support.

If the SSH key fingerprint matches, tell your SSH client to remember it in for future logins by answering yes when prompted.

Then enter your password, and you should be logged in to the cluster.

For clusters using 2FA, after entering your password, you will be asked for a “Verification code”. Enter the six digits displayed in your TOTP app for that account, and you will then be logged in to the cluster.

The next time you login from that computer to the cluster, your SSH client will automatically verify the SSH key fingerprint and warn you if it has changed. If that happens, do not enter your password and contact NSC Support.

Example of a first login session:

me@mylaptop:~$ ssh x_makro@tetralith.nsc.liu.se
The authenticity of host 'tetralith.nsc.liu.se (2001:6b0:17:140::1:10)' can't be established.
ECDSA key fingerprint is SHA256:dwFmOFzy59e+OdZmMLAW3fj+GeMGACYwjPgc7LKZgSU.

Since the fingerprint shown matches the one listed above, it is safe to continue. Answer “yes”, and then enter the password you chose earlier.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'tetralith.nsc.liu.se,2001:6b0:17:140::1:10' (ECDSA) to the list of known hosts.
x_makro@tetralith.nsc.liu.se's password:
Last login: Thu Dec 17 10:20:35 2020 from 2001:def:abc:dead:beef:0a0a:0b0b:0c0c
Welcome to NSC and Tetralith!
[...]
[x_makro@tetralith2 ~]$ 

Logging in for the first time (Stratus, Cirrus)

On these clusters, you will be given an initial temporary password via email that you must then change when you login to the cluster for the first time.

For technical reasons, you must do this first login using regular SSH (e.g not using ThinLinc, SFTP, SSH using SSH/ControlMaster, …).

Verify the SSH key fingerprint as listed above, then login using the temporary password. You will then be forced to change your password.

Follow the instructions on screen, they will tell you to enter your initial password once, and then your new permanent password twice.

Choose a good password, and do not use that password for anything else except your cluster account. If you want to change your password later, use the passwd command on the login node.

When you have chosen a new password you will automatically be logged out.

You can then login normally to the cluster.

If you cannot log in

Follow the login problems instructions.

  1. Due to DNS wildcard records , many common misspellings of the correct host name will actually exist and not give you an error if you use them. Sometimes there is even an SSH server on that host, but it is NOT the NSC cluster you’re looking for, and it may steal your password. Examples of BAD host names you should NOT use as they will NOT connect you to an NSC cluster: whatever.nsc.se, tetralith.nsc.se, tetralith.nsc.lix.se. 


User Area

User support

Guides, documentation and FAQ.

Getting access

Applying for projects and login accounts.

System status

Everything OK!

No reported problems

Self-service

SUPR
NSC Express