Skip to content

Login

Access to the ImpPhys HPC is provided via SSH through the bastion server linux-bastion-ex.tudelft.nl. If needed, you can tunnel X11 to enable graphical output from the server.

Refer to the quickstart guide for the simplest method to log in with SSH.

Using ProxyJump on the Command Line

You can also use the ProxyJump option directly on the command line:

ssh -o ProxyJump=<netid>@linux-bastion-ex.tudelft.nl <netid>@jupiter-imphys.tnw.tudelft.nl

Configuring SSH with a Configuration File

For greater flexibility, add the following configuration to the config file in the .ssh directory of your home folder:

.ssh/config
Host bastion
    HostName linux-bastion-ex.tudelft.nl
    User <netid>
Host jupiter
    HostName jupiter-imphys.tnw.tudelft.nl
    ProxyJump bastion
    User <netid>
Host saturn
    HostName saturn-imphys.tnw.tudelft.nl
    ProxyJump bastion
    User <netid>

With this configuration, you can start a connection with ssh jupiter.

Tunneling X11

To tunnel X11 from the server to your computer, add the -X option. This will only work when using ProxyJump.

Apple computers: black background in Xquartz

On some Apple computers, XQuartz may show a inverted background (black). This can be solved by creating the file java.opts in your home directory on the server with the following contents:

java.opts
-Dsun.java2d.xrender=false
-Dsun.java2d.pmoffscreen=false

found here: https://github.com/XQuartz/XQuartz/issues/31

Renew Kerberos ticket

When you log in with your password on the servers, you will automatically receive a Kerberos ticket with a limited validity period of 20 hours. With this ticket, you can access the network storages in /tudelft.net/. Once the ticket expires, further access to these storages is denied.

It is possible to renew this ticket for up to one week. After this period, you need to log out and log in again to get a new ticket. You can automate the renewal process using the following instructions.

  1. create a keytab file /home/<netid>/keytab1 containing your encrypted password. This file will allow non-interactive renewal of your ticket (without typing your password):

    ktutil
addent -password -p <netid>@TUDELFT.NET -k 1 -e aes256-cts-hmac-sha1-96
wkt /home/<netid>/keytab1

    Note: replace <netid> with your actual netid

  2. you can now renew your ticket using the keytab file:

    kinit <netid>@TUDELFT.NET -k -t /home/<netid>/keytab1

  3. you can automate this process by adding a crontab job to renew the ticket every hour:

    crontab -e
"i"
10 * * * * /usr/bin/kinit <netid>@TUDELFT.NET -k -t /home/<netid>/keytab1
"<ESC>"
":wq"

    Note: with crontab -e the vi editor will be opened with your crontab jobs. You can start inserting text (insert-mode) in vi with the letter i. When you are finished you can stop the insert-mode with the Esc key and write and quit with :wq (type the colon followed by wq).