How to login

To connect to ASC you need:

• username
• password
• phone number for receiving OTP (One Time Password)

Info

The OTP is valid for 12 hours. You still need to enter your password each time for every new ASC session.

Login methods:

• ssh
• JupyterHUB
• Interactive Access: NoMachine (!M)

VPN

Since November 2013, access to ASC has been restricted to IP addresses associated with participating partner universities of the ASC project. Users wishing to connect from outside these IP ranges must first log in to a machine or service within their university network. A common method for connecting is using a Virtual Private Network (VPN). Here are specific instructions from some of the partner universiteis.

• University of Vienna: English | German
• TU Vienna: English | German
• University of Innsbruck: German
• University of Graz: German
• TU Graz: Web Single Sign-On

Warning

You either need to be in an partner university network to access ASC, which can be physically on campus or connected through the university's VPN. Or you need to connect via Wireguard tunnel, see below

Setting up Wireguard tunnel

Note

This can replace the VPN connection described above. However, the tunnel only connects you to the ASC network, so other services provided by the Universities which need VPN will not be available.

No user on MUSICA

If you do not have a user on the MUSICA system yet, you need to create one here - even if you do not intend to use MUSICA. Once done, proceed at the next step. If you have a MUSICA user, directly go to the next step.

User on MUSICA

• An request has to be made via the ticket system indicating the username so that a group can be assigned after which the wireguard-tunnel can be set up.
• Go to our authentication page and log in with your MUSICA user.
• You will be logged into the auth page that looks as follows:

• Click on the "Wireguard (VPN)" tab. This will open a new window where you will have to install the wireguard client in case you don't have it already.
• The download link is provided here
• Once installed, follow steps 1 and 2 indicated in the image below

This will open a page, where you will need to download the configuration file from steps 3 and 4 indicated in the image below.

• Save the configuration file in a folder with the default name.

For Windows/MacOS users

• Once the above steps are done, open the Wireguard GUI.
• "Add Tunnel" -> Import the downloaded tunnel configuration from above -> "Activate".
• Once successful, the status will be indicated by a green Active status as indicated below.

For Linux users

• Once the above steps are done, copy the contents of the downloaded configuration file to wg0.conf (or another name followed by .conf) in the /etc/wireguard/ directory.
• Use sudo wg-quick up wg0 to activate the tunnel connection.
• Use sudo wg-quick down wg0 to deactivate it.

ssh

Login via:

VSC-5

 ssh [-X] <username>@vsc5.vsc.ac.at

VSC-4

 ssh [-X] <username>@vsc4.vsc.ac.at

For MUSICA, see the relevant page here

X11 forwarding

The -X option refers to X11 forwarding, which allows to display the UI of the remote computer on your local machine. This is entirely optional. For example, applications like Mathematica or Matlab that have a graphical user interface, can be displayed on your own computer. Having said that... for better performance and because modern GUI does not run well on X-forwarding use NoMachine for application like Mathematica or Matlab. It is still useful for gnuplot, xmgrace and maybe some simple VESTA visualization.

Tip

Use NoMachine (!M) for graphic heavy applications.

One can also make this change permanent by adding the following line in $HOME/.ssh/config

ForwardX11 yes

Connecting to a specific login node

VSC-4 login nodes are named: l40, …, l49.

VSC-5 login nodes are named: l50, …, l56.

Using SSH keys

Besides the traditional password method to login, one can use the key-pair or public-key authentication. Each SSH key pair includes two keys: a public key and a private key. The public key is the one to be copied to the SSH server. The private key must remain with the user and must be kept secret. The server uses the public key to encrypt a message and send it to the client. If the client, on the user side, has the correct private key, it can decrypt the message and send it back to the server for verification.

Things to consider:

• Can be much more secure than regular password authentication.
• Can be less secure if used incorrectly (understand before use).
• Allows multiple logins without reentering password/pass phrase.
• Allows safer use of ssh chains.

Generate a key-pair on your local computer. The key must be protected by a passphrase. This passphrase should be as secure as possible. (just like a strong password).

Example to generating an ssh key-pair:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key ($HOME/<username>/.ssh/id_rsa): 
Created directory '$HOME/<username>/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in $HOME/<username>/.ssh/id_rsa.
Your public key has been saved in $HOME/<username>/.ssh/id_rsa.pub.
...

Now one needs to put the key on the host system. Using ssh-copy-id is a convenient way to do it. (you will be asked for your password).

$ ssh-copy-id <username>vsc5.vsc.ac.at
<username>@vsc5.vsc.ac.at's password: 

Alternatively, you can anter the ssh-key into your account via the service website - see Account management.

Using ssh-keys is an option that allows you to open multiple shells on the cluster by entering your passphrase only once.

Note

In order to login to the cluster with the ssh key use the port 27 instead of the default port 22

ssh -p 27 <username>@vsc5.vsc.ac.at

SSH agent

It is possible to load the private key into your SSH agent using ssh-add -c. The -c option will ask for confirmation every time the key is used which increases security. With this ssh, scp will work without reentering your passphrase every time. With the strongly suggested -c option you have to hit enter in the confirmation dialog once every time your key is used.

$ ssh-add -c
Enter passphrase for $HOME/<username>/.ssh/id_rsa: 

IDE integration

Some IDEs allow for connections to be made from within the program. An example would be VSCode:

• Download an extension called "Remote Explorer".
• Create a new SSH tunnel by clicking the "+" symbol.
• ssh [-X] vsc5.vsc.ac.at in the command pallete.
• Chose one of the config file to save the SSH configuration.
• Chose the "->" to connect within the same window, or in a new VS Code window.
• A password prompt again appears in the command pallete after which you are logged into ASC using VS Code features.

For Windows users

Users on Windows machines can also use MobaXterm to connect:

• Download the free version of MobaXTerm from this link: MobaXTerm.
• Session -> SSH -> In Basic SSH settings, enter remote host as "vsc5.vsc.ac.at" -> Click Specify username and enter your userid -> Keep Port as 22 -> (Optional) Change name to your desired name in "Bookmark settings" in "Session name" as, say VSC5.
• Click ok.
• Enter your password and OTP to connect to the ASC login node.

Putty

Putty is an alternative to the standard terminal SSH connection, it was originally designed for the Windows platform, however, can also be used on other platforms, you can download it from: https://www.chiark.greenend.org.uk/~sgtatham/putty/

You can also use public-key authentication the PuTTY SSH client. The SSH agent in PuTTY is named Pageant. Please read the PuTTY documentation for more information.

As hostname, you have to enter one of our systems (either VSC4 or VSC5).

example hostname:

vsc5.vsc.ac.at