User accounts and access

Accounts | X Window System | Secure Shell access

Users must have accounts in order to log in to the high-performance computing (HPC) systems that CISL manages. As explained below, connecting to one of these systems from a local computer also requires the use of:

  • X Window software, and
  • Secure Shell access.

See VPN access if you need to use the virtual private network.


Accounts

Individuals who have user accounts can log in to CISL-supported HPC systems. Each person must have his or her own user account; they may not be shared.

Accounts are established when an allocation is awarded or when a project lead or project administrator later requests accounts for additional individuals. To request an account for an additional individual, send a request to cislhelp@ucar.edu. Include the user’s full name, phone number, email address, and a shipping address for delivery of an authentication token.

Users are responsible for keeping their contact information (email, phone, address, and so on) up to date by requesting changes as needed via email to cislhelp@ucar.edu.

If CISL personnel are unable to reach a user when necessary, the user's account will be locked. For additional information on responsibilities that come with having a user account, see User responsibilities.


X Window System

Microsoft Windows and Mac computer users need an X Window System in order to display graphics from the HPC environment on their local machines and to enable X11 forwarding when using interactive applications such as MATLAB. (Linux implementations typically come with the necessary X-display support.)

Consider one of these commonly used X system products for Windows:

xclock window

Mac OS X users can download XQuartz here.

To see if your local machine already has the required display support, log in to the HPC system with your SSH client and run xclock on your command line.

If you get the xclock window (see image), you have what you need.

If you get the following response, you need to install the X-display software (or start it if it is already installed) on your local machine.

Error: Can't open display:

Some users encounter the following message when trying to start an xterm window after logging in or when running a job.

xterm Xt error: Can't open display: localhost:12.0

Removing the .Xauthority file from your /glade/u/home/username directory as shown here may solve the problem. A new .Xauthority file will be created when you exit and log in again.

rm .Xauthority
rm: remove regular file `.Xauthority'? yes

Video demonstration

This video demonstrates how to start an interactive job on the Geyser cluster and use Cygwin/X to display an application's interface locally.

Start the video, then use the buttons at lower right to watch on YouTube.com.


Secure Shell access

Access to the NCAR systems that CISL manages is through a terminal window or emulator. It requires the use of Secure Shell (SSH) for secure logins, file transfers, and X Window clients.

SSH encrypts transmissions between computers. It provides interactive login, remote command execution, and file transfer services. For systems with X Window servers, SSH also can forward connections from the machine you log into back to your display.

It is installed on our systems, and your local system must have a compatible version. SSH clients are available for all major operating systems, including UNIX, Linux, Microsoft Windows, and Mac OS X. Computers running Mac OS X 10.0.1 or later use OpenSSH.

PuTTY SSH client
PuTTY SSH client

SSH clients and terminal window emulators

Here are links to some of the most-used SSH clients, which enable users to establish secure connections through terminal windows:

Client software is available for Apple's iPhones and iPads, too. While they lack the USB port needed for authentication with a YubiKey token, these devices can be used with other one-time-password tokens like the CRYPTOCard keypad.

Here are two examples of SSH clients for iOS devices:

 

Troubleshooting tips

Error message

 
Write failed: Broken pipe

What to do

This indicates that your SSH connection has been broken. The simplest solution is to reconnect.

Setting keepalives in PuTTY
Setting keepalives in PuTTY

Broken connections sometimes follow periods of inactivity. For example, you may find yourself disconnected after leaving your terminal for a while to go to lunch. You can address this by activating your SSH client’s “keepalives” setting.

If you use PuTTY, for example, start the client, then select Connection in the Category pane. (Click for image.) Enter 180 in the field that follows “Seconds between keepalives (0 to turn off).” Be sure to save the change so the packets are sent every three minutes.

Mac and Linux users sometimes need to include these lines in a local ~/.ssh/config file to enable persistent connections:

Host *
  ServerAliveInterval 120
  ServerAliveCountMax 3

Other considerations

  • If you get the error message while you are typing, the root cause can’t be inactivity. The most likely cause is that your machine’s IP address has changed. For example, it may have switched from a wired to a wireless network. You can prevent some changes by telling your machine not to switch networks without asking you first. Check your operating system’s instructions for how to do that.
  • If the problem persists, consider using a package such as GNU Screen or tmux, which allow you to restart a session right where it ended. This applies even if you ended the session yourself—for example, when leaving the office to start up again at home. Both are installed on the HPC systems that CISL manages. Just log in and run the screen or tmux command.