Login¶
Access to the ImpPhys HPC is provided via SSH through the bastion server linux-bastion-ex.tudelft.nl
and for students student-linux.tudelft.nl
. If needed, you can tunnel X11 to enable graphical output from the server.
Students must use bastion server student-linux.tudelft.nl
In the examples below students must replace linux-bastion-ex.tudelft.nl
with student-linux.tudelft.nl
.
Refer to the quickstart guide for the simplest method to log in with SSH.
Using ProxyJump on the Command Line¶
You can also use the ProxyJump
option directly on the command line:
ssh -o ProxyJump=<netid>@linux-bastion-ex.tudelft.nl <netid>@jupiter-imphys.tnw.tudelft.nl
Configuring SSH with a Configuration File¶
For greater flexibility, add the following configuration to the config
file in the .ssh
directory of your home folder:
Host bastion
HostName linux-bastion-ex.tudelft.nl
User <netid>
Host jupiter
HostName jupiter-imphys.tnw.tudelft.nl
ProxyJump bastion
User <netid>
Host saturn
HostName saturn-imphys.tnw.tudelft.nl
ProxyJump bastion
User <netid>
With this configuration, you can start a connection with ssh jupiter
.
Tunneling X11¶
To tunnel X11 from the server to your computer, add the -X
option. This will only work when using ProxyJump
.
Apple computers: black background in Xquartz
On some Apple computers, XQuartz may show a inverted background (black). This can be solved by creating the file java.opts
in your home directory on the server with the following contents:
-Dsun.java2d.xrender=false
-Dsun.java2d.pmoffscreen=false
found here: https://github.com/XQuartz/XQuartz/issues/31
Renew Kerberos ticket¶
When you log in with your password on the servers, you will automatically receive a Kerberos ticket with a limited validity period of 20 hours. With this ticket, you can access the network storages in /tudelft.net/
. Once the ticket expires, further access to these storages is denied.
It is possible to renew this ticket for up to one week. After this period, you need to log out and log in again to get a new ticket. You can automate the renewal process using the following instructions.
-
create a keytab file
/home/<netid>/keytab1
containing your encrypted password. This file will allow non-interactive renewal of your ticket (without typing your password):ktutil addent -password -p <netid>@TUDELFT.NET -k 1 -e aes256-cts-hmac-sha1-96 wkt /home/<netid>/keytab1
Note: replace
<netid>
with your actual netid -
you can now renew your ticket using the keytab file:
kinit <netid>@TUDELFT.NET -k -t /home/<netid>/keytab1
-
you can automate this process by adding a crontab job to renew the ticket every hour:
crontab -e "i" 10 * * * * /usr/bin/kinit <netid>@TUDELFT.NET -k -t /home/<netid>/keytab1 "<ESC>" ":wq"
Note: with
crontab -e
thevi
editor will be opened with your crontab jobs. You can start inserting text (insert-mode) invi
with the letteri
. When you are finished you can stop the insert-mode with the Esc key and write and quit with:wq
(type the colon followed by wq).