Biowulf High Performance Computing at the NIH
Connecting to the NIH HPC systems

There are several secure options for connecting to the NIH HPC Systems from a Windows, Mac or Linux desktop. The hostnames for the systems are:

Host Hostname Accessible by Purpose
Helix helix.nih.gov All HPC users data transfer
Biowulf biowulf.nih.gov All HPC users cluster headnode

To connect to one of the HPC systems listed above you will need to be either

  1. physically connected to the wired NIH network or the NIH-Staff wireless (authentication required)
  2. connected to the NIH VPN (requires VPN client installed)

For command line (text based) applictions you will need an SSH (secure shell) client to connect. For graphical applications a graphical connection is required. We recommend the cross platform NX client.

Host key fingerprints

A host key is a cryptographic key used for authenticating computers in the SSH protocol. Host keys are key pairs, typically using the RSA, DSA, or ECDSA algorithms. Public host keys are stored on and/or distributed to SSH clients, and private keys are stored on SSH servers.

When connecting to a new server for the first time ssh clients usually report the fingerprint of a host key and ask if the user would like to store the public host key to verify future connections. Below are the fingerprints of the current biowulf and helix public host keys. If the fingerprint presented to you matches the fingerprint below it is safe to accept the key and store it. Some clients will present an md5 fingerprint, others a sha256 fingerprint.

md5 key fingerprints

helix
1024 MD5:e9:87:ba:5b:4b:fd:ca:82:04:79:c1:60:b3:99:95:75 helix (RSA)
256 MD5:6c:15:e2:92:f0:fe:2e:f0:ab:d8:ce:ee:e0:0c:8c:64 helix (ECDSA)
256 MD5:87:37:87:fe:4c:8d:6d:b2:36:b2:74:e2:ed:5a:66:e4 helix (ED25519)

biowulf
2048 MD5:92:77:3e:50:9a:69:9d:3e:5b:7f:d1:76:dc:2b:5c:b5 biowulf (RSA)
256 MD5:6c:15:e2:92:f0:fe:2e:f0:ab:d8:ce:ee:e0:0c:8c:64 biowulf (ECDSA)
256 MD5:87:37:87:fe:4c:8d:6d:b2:36:b2:74:e2:ed:5a:66:e4 biowulf (ED25519)

sha256 key fingerprints

helix
1024 SHA256:6fz4LcdAE71brp857n29I3+6whMCjAKXPVeZJPCkL7c helix (RSA)
256 SHA256:BoP/KLS17g+gUuQ7mrCHa9oPPO+MHi/h8WML44iA1dw helix (ECDSA)
256 SHA256:MBuANYkwgnJAlovbS1Kp1/S2hviPwkc/VOxCuFfW/lo helix (ED25519)

biowulf
2048 SHA256:rQ6vBSjlXGE56I0nwQfvvDduOwx+C1aRuT6cZnVpS8k biowulf (RSA)
256 SHA256:BoP/KLS17g+gUuQ7mrCHa9oPPO+MHi/h8WML44iA1dw biowulf (ECDSA)
256 SHA256:MBuANYkwgnJAlovbS1Kp1/S2hviPwkc/VOxCuFfW/lo biowulf (ED25519)
Connecting from Windows
back to top

SSH

There are several SSH clients available on Windows. PuTTY is a popular option amongst our users. PuTTY is an SSH and telnet client, developed originally by Simon Tatham. PuTTY is open source software and is developed and supported by a group of volunteers. Recent versions of Windows include an SSH client with PowerShell so you can connect to the NIH HPC systems without downloading or installing anything.

Installing PuTTY

Installation of PuTTY may require administrative privileges. Please consult with your local system administrators regarding installation policies.

Because PuTTY is continuously updated, you should download the latest version from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. The download page includes a self contained executable (putty.exe) and an installer (putty-<version>-installer.msi). The installer will require administrative privileges.

Once PuTTY is installed, start PuTTY by double-clicking the icon created on your desktop or use your search bar to locate the executable

Setting up sessions with PuTTY

When starting PuTTY, you will see a dialog box. This dialog box allows you to control everything PuTTY can do. In the 'Host Name' box, enter helix.nih.gov or biowulf.nih.gov.

Enter host name

You don't need to change most of the configuration options, but here are a few suggestions for Helix systems' use:

The Backspace Key

Set backspace key to Control H

The Window Title

Set Window Title

Enable X11 Forwarding

PuTTY can forward the X11 protocol which can be used together with an X11 server on your computer to run graphical applictions. However, we recommend using NX for this purpose

Enable X11 Forwarding

After making your configuration changes, be sure to save the session so you will not have to reconfigure PuTTY each time.

Save session

When first connecting to a new server, PuTTY will report that the server's host key is not cached in the registry yet. It will present the fingerprint of the host key. If the fingerprint matches one of the fingerprints shown above it is safe to answer "yes" and store the key in PuTTY's cache

Creating icons on your Windows desktop

Right-click the PuTTY icon on your desktop, then left-click "Properties".

Change PuTTY Properties

In the "Target" box under the Shortcut tab, type -load "helix" or -load "helix.nih.gov" after putty.exe:

Edit properties

Click on the 'General' tab and change the name from PuTTY to helix, then click the OK button.

Changing icon name

Double-click on the helix icon to login to helix

To create an icon for any of the other systems, be sure to make a copy of the helix or PuTTY icon, then change the properties of the copy.

Documentation

For more in-depth knowledge of PuTTY, see the PuTTY Documentation Page

Graphical connection

We recommend NX for graphical connections. NX provides more stable, performant and reliable graphics performance than other platforms.

If you require high performance (hardware accelerated) graphics connections to visualize data on Biowulf, you can allocate a session in the visual partition with the svis command and connect via TurboVNC. Detailed instructions are available here

Connecting from Macs
back to top

SSH

Mac OS X includes an ssh client. In a terminal window, type ssh hostname to start an ssh session to a host. If your username on your local system is different from your NIH domain username, you will need to type ssh username@hostname

When first connecting to a new server, ssh will report that the server's host key is not known. It will present the fingerprint of the host key. If the fingerprint matches one of the fingerprints shown above it is safe to answer "yes" and store the key. Some clients are configured to reject unknown keys outright. In that case you can include -o StrictHostKeyChecking=ask.

[mymac:~] macuser% ssh user@biowulf.nih.gov
The authenticity of host 'biowulf.nih.gov (128.231.2.9)' can't be established.
ECDSA key fingerprint is SHA256:BoP/KLS17g+gUuQ7mrCHa9oPPO+MHi/h8WML44iA1dw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'biowulf.nih.gov,128.231.2.9' (RSA) to the
list of known hosts.
                             ***WARNING***

You are accessing a U.S. Government information system, which includes
(1) this computer, (2) this computer network, (3) all computers
connected to this network, and (4) all devices and storage media
attached to this network or to a computer on this network. This
information system is provided for U.S.  Government-authorized use only.

Unauthorized or improper use of this system may result in disciplinary
action, as well as civil and criminal penalties.

By using this information system, you understand and consent to the
following:

* You have no reasonable expectation of privacy regarding any
communications or data transiting or stored on this information system.
At any time, and for any lawful Government purpose, the government may
monitor, intercept, record, and search and seize any communication or
data transiting or stored on this information system.

* Any communication or data transiting or stored on this information
system may be disclosed or used for any lawful Government purpose.

--

NOTE: This system is rebooted for patches and maintenance on the first
Monday of every month at 7:00 AM unless Monday is a holiday, in which
case it is rebooted the following Tuesday.  A detailed schedule is
available at    http://helix.nih.gov/Documentation/reboots.html

Last login: Wed Jul  8 11:34:37 2015 from hostname
[username@biowulf ~]$ 

Graphical connection

We recommend NX for graphical connections. NX provides more stable, performant and reliable graphics performance than other platforms.

If you require high performance (hardware accelerated) graphics connections to visualize data on Biowulf, you can allocate a session in the visual partition with the svis command and connect via TurboVNC. Detailed instructions are available here

As of OS X 10.6, XQuartz is no longer included with the Mac OS and NIH HPC staff does not recommend using it. If you choose to use XQuartz, you can add the -Y option to your ssh command to forward the X11 connection.

Connecting from Linux
back to top

SSH

Linux automatically includes SSH software. In a terminal window, type ssh username@hostname to start an ssh session to a host, where username is your NIH domain username. A sample session will be exactly like the Mac session displayed above.

When first connecting to a new server, ssh will report that the server's host key is not known. It will present the fingerprint of the host key. If the fingerprint matches one of the fingerprints shown above it is safe to answer "yes" and store the key. Some clients are configured to reject unknown keys outright. In that case you can include -o StrictHostKeyChecking=ask.

Graphical connection

Your Linux distribution automatically installs X11. In a terminal window, type ssh -Y username@hostname to start an ssh session to a host, where username is your NIH domain username.

Sample session:

[mylocaluser@mylinux:~ ] ssh -Y user@biowulf.nih.gov

[..govt warning...]

Last login: Wed Jul  8 11:34:37 2015 from hostname
[username@biowulf ~]$ xclock

At this point you are logged on to Helix and can run Xwindows programs. To test, type xclock at the prompt. You should see a clock window appear on your desktop.

Alternatively, you can also use the NX cross platform client

If you require high performance (hardware accelerated) graphics connections to visualize data on Biowulf, you can allocate a session in the visual partition with the svis command and connect via TurboVNC. Detailed instructions are available here

Additional Authentication Information
back to top

GSSAPI (Kerberos) Access

Connecting with ssh keys

Troubleshooting
back to top
Are you on the NIH network or the VPN?
If not, you will not be able to connect to Biowulf or Helix. A simple test if you are on VPN is to point your web browser to this test page. If you see 'Access forbidden!', then you are not on the VPN.
Is your Biowulf/Helix account locked?
Your account may be locked due to inactivity. If you are on the NIH network or the VPN, you can check the status and unlock it yourself by going to the User Dashboard. If you are unable to access the dashboard, send email to staff@hpc.nih.gov asking for your account to be unlocked.

If you are on the VPN or the NIH network, and your account is unlocked, and you are still not able to connect, please send the following information to the HPC staff (staff@hpc.nih.gov):