Logging In
Here, you’ll find DNS names for our login nodes, sorted by cluster, their hostkey fingerprints and some examples showing how you can connect from the command line.
The Login Nodes
Names and Aliases
The proper DNS names of all frontend nodes and convenient aliases are provided in the table below. For square brackets with a number range, substitute any number in the range.
| Cluster | Cluster island/Purpose | Aliases | Login node/s |
|---|---|---|---|
| SCC | login | login-mdc.hpc.gwdg.de login-mdc[1-2].hpc.gwdg.de gwdu[101-102].gwdg.de (deprecated) | gwdu[101-102].hpc.gwdg.de |
| transfer | transfer-mdc.hpc.gwdg.de transfer-scc.gwdg.de gwdu108.gwdg.de (deprecated) | gwdu108.hpc.gwdg.de | |
| CIDBN (restricted) | login-dbn02.hpc.gwdg.de | ||
| sa/hh (restricted) | ngs01.hpc.gwdg.de | ||
| NHR | Emmy Phase 2 | glogin-p2.hpc.gwdg.de glogin.hpc.gwdg.de glogin.hlrn.de (deprecated) glogin[3-8].hlrn.de (deprecated) | glogin[3-8].hpc.gwdg.de |
| Emmy Phase 3 | glogin-p3.hpc.gwdg.de | glogin[11-13].hpc.gwdg.de | |
| Grete, REACT, KISSKI | glogin-gpu.hpc.gwdg.de | glogin[9-10].hpc.gwdg.de |
The login nodes marked as restricted in the table above are restricted to specific research groups.
Aliases marked as deprecated will eventually disappear and stop working.
The SCC login nodes are not reachable directly from outside GÖNET if you are not using VPN. You may have to use the NHR login nodes as jumphosts with the -J command line switch or the ProxyJump option.
It is not recommended to directly ssh to them as an SCC user, since your home and/or scratch directories are not reachable from there and you will receive respective warnings and error messages.
The login nodes for each phase of NHR match the CPU architecture and default software stack of their respective compute nodes. Compilers, by default, will either compile for the most generic version of the host’s architecture (poor performance) or for the exact CPU the host is running (which could then crash and/or have sub-optimal performance on a compute node with a different CPU architecture).
SSH key fingerprints
When first connecting, SSH will warn you that the host’s key is unknown and to make sure that it is correct, in order to avoid man-in-the-middle attacks. The following table contains all SHA-256 fingerprints of the host keys of the login nodes and jumphosts, arranged by key algorithm:
| Node(s) | sha256 fingerprint ed25519 |
|---|---|
| gwdu[101-102].hpc.gwdg.de login-dbn02.hpc.gwdg.de glogin[1-13].hpc.gwdg.de ngs01.hpc.gwdg.de | SHA256:PPK0aO2QZ/k4duUx18Pp5AOKG/gFEBHgw/bl8vg9oJk |
| gwdu108.hpc.gwdg.de | SHA256:Vylg/10HwDRxPUuOarcngRFH2jmDlnxWOqte7rnR3OI |
| Node(s) | sha256 fingerprint rsa |
|---|---|
| gwdu[101-102].hpc.gwdg.de login-dbn02.hpc.gwdg.de glogin[1-13].hpc.gwdg.de ngs01.hpc.gwdg.de | SHA256:EJyZLROEobVuCm2hSeEhcAIEB80PbZ85U4u4XNnvM4k |
| gwdu108.hpc.gwdg.de | SHA256:RMgbCZ58sWYfZZv5T2DE9bOAFfN06xm9aMw1MjzjvLM |
| Node(s) | sha256 fingerprint ecdsa |
|---|---|
| gwdu108.hpc.gwdg.de | SHA256:sIJNEepmILeEq/7Zqq4HCtpTM8L98arWTny5EiAX+gI |
The SSH key fingerprints are not the public keys themselves, but a checksum of them.
Fingerprints are a compact fixed-size way to verify SSH keys, as the keys themselves can be large enough to be unwieldy.
The lines in ~/.ssh/known_hosts on your client machine store the SSH public keys of each known server whose key has been accepted, rather than the fingerprints.
Do not copy and paste SSH key fingerprints into ~/.ssh/known_hosts.
When you connect to a login node for the first time or when its SSH key changes, your SSH client will show you the new fingerprint (and the old one if it changed).
If it is your first time connecting to the node, it will ask you to check the fingerprint and accept it if it’s correct.
If it has changed, it will tell you that you need to delete the old key in ~/.ssh/known_hosts.
With OpenSSH’s client, it will print the line number of the line to be deleted and often a command you can use to remove the offending line/s more easily.
You can also use ssh-keygen -R to remove outdated hostkeys.
For example: ssh-keygen -R glogin.hpc.gwdg.de
(You might have to repeat the command with any other combination of aliases and hostnames you have used in the past, i.e. glogin9.hpc.gwdg.de, glogin.hlrn.de, etc.)
After that, you’ll be able to confirm the hostkey on your next login with the fingerprints from the table above.
Example Logins with OpenSSH
Logging into an SCC login node
With the .ssh/config file setup as in the Simple configuration examples, you can just run ssh SCC.
Your terminal session could look something like
jdoe1@laptop:~> ssh SCC
Enter passphrase for key '/home/jdoe1/.ssh/id_ed25519':
Last login: Wed Mar 20 09:05:45 2024 from 10.45.123.45
Loading software stack: scc-lmod
Your current login node is part of login-mdc
gwdu101:90 15:58:26 ~ >
When using a jumphost, you may have to enter the passphrase for your private key twice (once for the jumphost and once for the actual login node).
If you are not using a configured Host entry (not recommended) or want to know how to connect “manually” (useful for troubleshooting),
here is how you would do so (using a jumphost):
ssh jdoe1@login-mdc.hpc.gwdg.de -i .ssh/id_ed25519 -J jdoe1@glogin.hpc.gwdg.de
Or, if you are using an older SSH client:
ssh jdoe1@login-mdc.hpc.gwdg.de -i .ssh/id_ed25519 -o ProxyCommand="ssh -i .ssh/id-rsa -W %h:%p jdoe1@glogin.hpc.gwdg.de"
Make sure to replace jdoe1 with your actual username.
Logging into an NHR Grete login node
With the .ssh/config file setup as in the Simple configuration examples, you can run just ssh Grete.
The terminal session could look something like
jdoe1@laptop:~> ssh Grete
Enter passphrase for key '/home/jdoe1/.ssh/id_ed25519':
Last login: Wed Mar 20 09:05:45 2024 from 123.4.56.78
Loading software stack: nhr-lmod
Found scratch directory, setting $WORK to '/scratch/usr/nimjdoe'
Found temporary files directory, setting $TMPDIR to '/scratch/tmp/nimjdoe'
__ ________ _ _____ ____ __ __ ______ _______ ____
\ \ / / ____| | / ____/ __ \| \/ | ____| |__ __/ __ \
\ \ /\ / /| |__ | | | | | | | | \ / | |__ | | | | | |
\ \/ \/ / | __| | | | | | | | | |\/| | __| | | | | | |
\ /\ / | |____| |___| |___| |__| | | | | |____ | | | |__| |
_ \/ _\/ _|______|______\_____\____/|_| |_|______|____|_|__\____/
| \ | | | | | __ \ ____ / ____\ \ / / __ \ / ____|
| \| | |__| | |__) | / __ \ | | __ \ \ /\ / /| | | | | __
| . ` | __ | _ / / / _` | | | |_ | \ \/ \/ / | | | | | |_ |
| |\ | | | | | \ \ | | (_| | | |__| | \ /\ / | |__| | |__| |
|_| \_|_| |_|_| \_\ \ \__,_| \_____| \/ \/ |_____/ \_____|
\____/
Documentation https://docs.hpc.gwdg.de Support nhr-support@gwdg.de
PARTITION NODES (BUSY/IDLE) LOGIN NODES
grete:shared 53 / 9 glogin-gpu.hpc.gwdg.de
grete-h100 4 / 0 glogin-gpu.hpc.gwdg.de
Your current login node is part of glogin-gpu
[nimjdoe@glogin9 ~]$
Logging into a specific node
This is essential if one needs to
- Reconnect to a tmux or screen session
- Reconnect to a session started by an IDE over SSH
- Use a dedicated login node for one’s research group (for those with such a login node)
- Use a login node with particular hardware
With the .ssh/config file setup as in the Advanced configuration examples for all nodes configured individually, you would run just ssh NODE where NODE is the name of the node or a suitable alias.