Connecting to the NIH HPC systems
There are several secure options for connecting to the NIH HPC Systems
from a Windows, Mac or Linux desktop. The hostnames for the systems
are:
| Host |
Hostname |
Accessible by |
Purpose |
| Helix |
helix.nih.gov |
All HPC users |
data transfer |
| Biowulf |
biowulf.nih.gov |
All HPC users |
cluster headnode |
To connect to one of the HPC systems listed above your computer will need
one of the following:
- physically connected to the wired NIH network or the NIH-Staff wireless
(authentication required)
- connected to the NIH VPN (requires VPN client installed)
- (for NCI users): accessing the NIH network via NCI RemoteApps
For command line (text based) applications you will need an SSH (secure shell)
client to connect. For graphical applications a
graphical connection is required. We recommend the cross platform NX client.
Host key fingerprints
A host key is a cryptographic key used for authenticating computers in the
SSH protocol. Host keys are key pairs, typically using the RSA, DSA, or ECDSA
algorithms. Public host keys are stored on and/or distributed to SSH clients,
and private keys are stored on SSH servers.
When connecting to a new server for the first time ssh clients usually
report the fingerprint of a host key and ask if the user would like to store the
public host key to verify future connections. Below are the fingerprints of
the current biowulf and helix public host keys. If the fingerprint presented to
you matches the fingerprint below it is safe to accept the key and store it.
Some clients will present an md5 fingerprint, others a sha256 fingerprint.
md5 key fingerprints
helix
1024 MD5:e9:87:ba:5b:4b:fd:ca:82:04:79:c1:60:b3:99:95:75 helix (RSA)
256 MD5:6c:15:e2:92:f0:fe:2e:f0:ab:d8:ce:ee:e0:0c:8c:64 helix (ECDSA)
256 MD5:87:37:87:fe:4c:8d:6d:b2:36:b2:74:e2:ed:5a:66:e4 helix (ED25519)
biowulf
2048 MD5:92:77:3e:50:9a:69:9d:3e:5b:7f:d1:76:dc:2b:5c:b5 biowulf (RSA)
256 MD5:6c:15:e2:92:f0:fe:2e:f0:ab:d8:ce:ee:e0:0c:8c:64 biowulf (ECDSA)
256 MD5:87:37:87:fe:4c:8d:6d:b2:36:b2:74:e2:ed:5a:66:e4 biowulf (ED25519)
sha256 key fingerprints
helix
1024 SHA256:6fz4LcdAE71brp857n29I3+6whMCjAKXPVeZJPCkL7c helix (RSA)
256 SHA256:BoP/KLS17g+gUuQ7mrCHa9oPPO+MHi/h8WML44iA1dw helix (ECDSA)
256 SHA256:MBuANYkwgnJAlovbS1Kp1/S2hviPwkc/VOxCuFfW/lo helix (ED25519)
biowulf
2048 SHA256:rQ6vBSjlXGE56I0nwQfvvDduOwx+C1aRuT6cZnVpS8k biowulf (RSA)
256 SHA256:BoP/KLS17g+gUuQ7mrCHa9oPPO+MHi/h8WML44iA1dw biowulf (ECDSA)
256 SHA256:MBuANYkwgnJAlovbS1Kp1/S2hviPwkc/VOxCuFfW/lo biowulf (ED25519)
When connecting to Biowulf via NoMachine a different key will appear.
NoMachine Biowulf fingerprint
SHA256 06 83 FF 28 B4 B5 EE 0F A0 52 E4 3B 9A B0 87 6B DA 0F 3C EF 8C 1E 2F E1 F1 63 0B E3 88 80 D5 DC
Connecting from Windows
back to top
SSH
There are several SSH clients available on Windows.
PuTTY is a popular option amongst our
users. PuTTY is an SSH and telnet client, developed originally by Simon
Tatham. PuTTY is open source software and is developed and supported by a
group of volunteers. Recent versions of Windows include an SSH client with
PowerShell so you can connect to the NIH HPC systems without downloading or
installing anything.
Installing PuTTY
Installation of PuTTY may require administrative
privileges. Please consult with your local system administrators regarding
installation policies.
Because PuTTY is continuously updated, you should download the latest
version from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
The download page includes a self contained executable (putty.exe)
and an installer (putty-<version>-installer.msi). The installer
will require administrative privileges.
Once PuTTY is installed, start PuTTY by double-clicking the icon created
on your desktop or use your search bar to locate the executable
Setting up sessions with PuTTY
When starting PuTTY, you will see a dialog box. This dialog box allows
you to control everything PuTTY can do. In the 'Host Name' box, enter
helix.nih.gov or biowulf.nih.gov.
You don't need to change most of the configuration options, but here are
a few suggestions for Helix systems' use:
The Backspace Key
The Window Title
Enable X11 Forwarding
PuTTY can forward the X11 protocol which can be used together with an X11 server
on your computer to run graphical applictions. However, we recommend using NX
for this purpose
After making your configuration changes, be sure to save the session so you will not have to reconfigure PuTTY each time.
When first connecting to a new server, PuTTY will report that the server's host key
is not cached in the registry yet. It will present the fingerprint of the host key. If
the fingerprint matches one of the fingerprints shown above
it is safe to answer "yes" and store the key in PuTTY's cache
Creating icons on your Windows desktop
Right-click the PuTTY icon on your desktop, then left-click "Properties".
In the "Target" box under the Shortcut tab, type -load "helix" or -load "helix.nih.gov" after putty.exe:
Click on the 'General' tab and change the name from PuTTY to helix, then click the OK button.
Double-click on the helix icon to login to helix
To create an icon for any of the other systems, be sure to make a copy of the helix or PuTTY icon, then change the properties of the copy.
Documentation
For more in-depth knowledge of PuTTY, see the PuTTY Documentation Page
Graphical connection
We recommend NX for graphical connections. NX provides
more stable, performant and reliable graphics performance than other
platforms.
If you require high performance (hardware accelerated) graphics connections
to visualize data on Biowulf, you can allocate a session in the visual partition
with the svis command and connect via TurboVNC. Detailed instructions
are available here
Browser tunnel connection
Several useful tools like Jupyter
or RStudio Server can be run on
compute nodes in an interactive session and accessed in your browser.
These tools require configuration of an SSH "tunnel" between your computer
and the cluster. You can find details on how to connect to these tools on
their respective pages as well as a video
on how to set up these tunnels using the above connection methods.
Connecting from Macs
back to top
SSH
Mac OS X includes an ssh client. In a terminal window, type
ssh hostname to start an ssh session to a host. If your username on
your local system is different from your NIH domain username, you will need to
type ssh username@biowulf.nih.gov, for example, where 'username' is your
NIH domain username.
When first connecting to a new server, ssh will report that the server's
host key is not known. It will present the fingerprint of
the host key. If the fingerprint matches one of the fingerprints shown above it is safe to answer "yes" and store the
key. Some clients are configured to reject unknown keys outright. In that
case you can include -o StrictHostKeyChecking=ask.
In the following example, replace 'yourusername' with your NIH login username.
[mymac:~] macuser% ssh yourusername@biowulf.nih.gov
The authenticity of host 'biowulf.nih.gov (128.231.2.9)' can't be established.
ECDSA key fingerprint is SHA256:BoP/KLS17g+gUuQ7mrCHa9oPPO+MHi/h8WML44iA1dw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'biowulf.nih.gov,128.231.2.9' (RSA) to the
list of known hosts.
***WARNING***
You are accessing a U.S. Government information system, which includes
(1) this computer, (2) this computer network, (3) all computers
connected to this network, and (4) all devices and storage media
attached to this network or to a computer on this network. This
information system is provided for U.S. Government-authorized use only.
Unauthorized or improper use of this system may result in disciplinary
action, as well as civil and criminal penalties.
By using this information system, you understand and consent to the
following:
* You have no reasonable expectation of privacy regarding any
communications or data transiting or stored on this information system.
At any time, and for any lawful Government purpose, the government may
monitor, intercept, record, and search and seize any communication or
data transiting or stored on this information system.
* Any communication or data transiting or stored on this information
system may be disclosed or used for any lawful Government purpose.
--
NOTE: This system is rebooted for patches and maintenance on the first
Monday of every month at 7:00 AM unless Monday is a holiday, in which
case it is rebooted the following Tuesday. A detailed schedule is
available at http://helix.nih.gov/Documentation/reboots.html
Last login: Wed Jul 8 11:34:37 2015 from hostname
[username@biowulf ~]$
Graphical connection
We recommend NX for graphical connections. NX provides
more stable, performant and reliable graphics performance than other
platforms.
If you require high performance (hardware accelerated) graphics connections
to visualize data on Biowulf, you can allocate a session in the visual partition
with the svis command and connect via TurboVNC. Detailed instructions
are available here
As of OS X 10.6, XQuartz is no longer included with the Mac OS and NIH HPC staff
does not recommend using it. If you choose to use XQuartz, you can add the -Y
option to your ssh command to forward the X11 connection.
Connecting from Linux
back to top
SSH
Linux automatically includes SSH software. In a terminal window, type ssh
username@hostname to start an ssh session to a host, where username is your NIH
domain username. A sample session will be exactly like the Mac session
displayed above.
When first connecting to a new server, ssh will report that the server's
host key is not known. It will present the fingerprint of
the host key. If the fingerprint matches one of the fingerprints shown above it is safe to answer "yes" and store the
key. Some clients are configured to reject unknown keys outright. In that
case you can include -o StrictHostKeyChecking=ask.
Graphical connection
Your Linux distribution automatically installs X11. In a terminal window,
type ssh -Y username@hostname to start an ssh session to a host,
where username is your NIH domain username.
Sample session:
[mylocaluser@mylinux:~ ] ssh -Y username@biowulf.nih.gov
[..govt warning...]
Last login: Wed Jul 8 11:34:37 2015 from hostname
[username@biowulf ~]$ xclock
At this point you are logged on to Helix and can run Xwindows programs. To
test, type xclock at the prompt. You should see a clock window appear
on your desktop.
Alternatively, you can also use the NX cross platform client
If you require high performance (hardware accelerated) graphics connections
to visualize data on Biowulf, you can allocate a session in the visual partition
with the svis command and connect via TurboVNC. Detailed instructions
are available here
Additional Authentication Information
back to top
GSSAPI (Kerberos) Access
Connecting with ssh keys
Troubleshooting
back to top
- Are you on the NIH network or the VPN?
- If not, you will not be able to connect to Biowulf or Helix. A simple test
if you are on VPN is to point your web browser to this test page. If you see 'Access
forbidden!', then you are not on the VPN.
- Is your Biowulf/Helix account locked?
- Your account may be locked due to inactivity. If you are on the NIH network
or the VPN, you can check the status and unlock it yourself by going to the User Dashboard. If you are unable to access the
dashboard, send email to staff@hpc.nih.gov asking for your account to be
unlocked.
If you are on the VPN or the NIH network, and your account is unlocked, and you are still not able to connect, please send the following information to the HPC staff (staff@hpc.nih.gov):
- what kind of computer and Operating System you’re connecting from
- what software are you using to connect and which version? (e.g. putty, command-line ssh, NX)
- what was the error message?