Standard Terminal Setup

Prerequisite

• Have an active account and project.
• Have one of:
  • Built in Linux/Mac terminal
  • Windows Subsystem for Linux
  • VSCode

Warn

The following instructions may not work when using any non-standard terminal client.

First time setup

The login process can be simplified significantly with a few easy configurations.

1. In a new local terminal run; mkdir -p ~/.ssh/sockets this will create a subdirectory in your home directory to store socket configurations.

2. Open your ssh config file (e.g. nano ~/.ssh/config to open with the text editor nano) and add the following (replacing username with your username):

   Host *
       ControlMaster auto
       ControlPath ~/.ssh/sockets/ssh_mux_%h_%p_%r
       ControlPersist 1
   
   Host nesilander 
       User username 
       HostName lander.hpc.nesi.org.nz 
       ForwardX11 yes
       ForwardX11Trusted yes
       ServerAliveInterval 300
       ServerAliveCountMax 2
   
   
   Host nesi
       User username 
       Hostname login.hpc.nesi.org.nz
       ProxyCommand ssh -W %h:%p nesilander
       ForwardX11 yes
       ForwardX11Trusted yes
       ServerAliveInterval 300
       ServerAliveCountMax 2
   

   Close and save with ctrl x, ctrl y, Enter

   Warning

   MobaXterm does not allow the use of sockets. If you are using MobaXterm please exclude the first four lines from your own ssh config.

3. Ensure the permissions are correct by running chmod 600 ~/.ssh/config.

4. Run the command.

   ssh nesi
   

5. You will be prompted to approve host authenticity

   The authenticity of host 'lander.hpc.nesi.org.nz (163.7.144.68)' can't be established.
   ECDSA key fingerprint is SHA256:############################################.
   ECDSA key fingerprint is MD5:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##.
   Are you sure you want to continue connecting (yes/no)? 
   

   Type yes and Enter

6. You will be presented with a link.

   Authenticate at https://iam.nesi.org.nz/realms/public/device?user_code=XXXX-XXXX and press ENTER.
   

   Depending on the terminal used, you may have to hold ctrl when clicking to follow the link.

   Double Authentication

   If you set up your .ssh/config as recommended you will be prompted to authenticate again.
   We are working on fixing this.

7. Select your institution, you will be prompted to provide your login details.

8. You are now asked about your current device: do you trust it or not?

9. If this device is a shared computer (e.g. university computer where you have to delete cookies) or if you are using incognito or private windows, please do not trust it: click No. This means that you will need to enter your one-time password (OTP) every time you log.
10. If this device is your own laptop and you are using a secure network, you can trust it: click Yes. This will allow you to log in without Second Factor Authentication (2FA) for 7 days.

If you have trusted your device, you have to enter a name for this device. This name must be unique but can be anything you want.

Note: You cannot trust two devices the same day with the same name. .

1. Scan the QR code with your authenticator app. Then enter the 6-digit code provided. You may give your device a name.

   

2. Return to your terminal, and press enter.

Subsequent log in

1. ssh nesi
2. Follow the link.
3. You may be prompted for your 6 digit code.
4. Return to your terminal, and press enter.

How-to Video

Watch a demo here.

What Next?

• Moving files to/from a cluster.
• Setting up an X-Server (optional).