Access Prerequisites | Available
Resources | Access Policies | Passwords | Using
SSH to Access LC Machines
Virtural Private Network (VPN) Access | Machine
Login Names | Logging In to LLNL Machines |
Login Nodes
Logging
in to LANL/Sandia Machines | File Transfers |
Miscellaneous Access Topics | Additional
Information
Follow this table to determine
what is needed to access unclassified (OCF) or classified (SCF) Livermore Computing (LC) systems. |
Going to =>
Coming from => | SCF | OCF | ||||
---|---|---|---|---|---|---|---|
Valid account on the LC machine(s) you wish to use (see the Accounts Web pages) | X | X | X | X | X | X | |
Network connectivity from your local machine to the LC OCF or SCF network | X | X | X | X | X | X | |
SSH (version 2) software installed on your local machine (see Using SSH below) | X | X | X | X | X | X | |
One-time Password (OTP) token + PIN * (see Passwords below) | X | X | X | X |
X | ||
Virtual Private Network (VPN) account + VPN software (see VPN Access below) | X | ||||||
Ability to authenticate locally with credential forwarding (kinit -f) | X |
*SCF users currently may authenticate with an OTP or a static password. In future, however, only OTP authentication will be allowed.
Most information about Los Alamos HPC and Sandia HPC resources requires LANL/Sandia authentication. See Tri-Lab High-Performance Computing Support for authentication instructions.
As part of obtaining an account, all users should have completed and be familiar with Livermore Computing Policies and Procedures and the Livermore Computing Computer Security Briefing.
OCF and SCF users (except for LANL and Sandia on the SCF) authenticate via an OTP token and PIN. The LC Hotline will send you an OTP token when you are given an account. An OTP is a small, key fob-like device that generates random 6-digit numbers. When you receive your OTP token, you must enable it before you can log in. Instructions are provided with your account notification e-mail and can also be found at https://access.llnl.gov/. The same OTP token is used for both OCF and SCF; however, a different PIN is used for each network.
OTPs are also used for other services, such as access to restricted Web pages and remote (off-site) access accounts.
Under certain circumstances, an OTP server may lose track of the values it expects from a particular token. In such cases, it is necessary to enter two consecutive token codes so the server can resynchronize itself. This can be done at OTP Token Diagnostics. If a token is locked out, you can unlock it at Test My OTP Token.
Currently, SCF users may authenticate via a static password (8-character machine-generated) instead of an OTP. These passwords expire every six months. SCF static passwords can be changed online on the SCF at https://lc.llnl.gov/bin/passwd/. Lockouts can occur when a password is entered incorrectly too many times. The lock is released after 15 minutes. If multiple lockouts occur, your account may be permanently locked. You must obtain a new password from the LC Hotline (walk-in or certified mail) if your password expires or you become permanently locked out.
Note: Static SCF passwords will be discontinued in the near future, and only authentication via OTP will be allowed.
Secure Shell (SSH), is the only login method for LC systems. SSH includes SCP or SFTP for file transfers between hosts. For more information on SSH and SCP, SSH access modes, RSA authentication, and how-tos, see the Secure Shell section of the Introduction to Livermore Computing Resources.
The Guide to Using Secure Shell (SSH) to Access Livermore Computing Machines includes a table summarizing the options to access LC OCF and SCF systems. See also Setting Up SSH Keys.
Currently, LC requires all SSH access to be compatible with SSH version 2.
VPN access is provided for off-site, unclassified LC access. It is required for the following types of access:
Most remote users are automatically provided with a VPN account when they apply for any LC machine account. Using VPN involves downloading and installing VPN software provided by LLNL. Before accessing LLNL, users need to start VPN locally, authenticate, and then SSH to LLNL as usual.
For full VPN information, including software downloads, please see: https://access.llnl.gov/vpn_access/.
For most users (except LANL and Sandia), accessing a computing system is simply a matter of SSHing to the name of the system you wish to access. For example (assuming the .llnl.gov domain):
ssh atlas
ssh purple
ssh yana
When a cluster has more than one login node, LC automatically "round-robins" among the available login nodes for load balancing. So, it is possible that each time you log in, you may be placed on a different physical login node. In most cases, this is unimportant to users.
For LANL and Sandia users, special machine login names must be used because of technical issues. These special login machine names are listed below.
LLNL Machine Login Names to Be Used by LANL/Sandia Users | |
---|---|
Atlas | atlas0-pub atlas32-pub atlas512-pub atlas544-pub atlas608-pub atlas1088-pub atlas1120-pub |
BlueGene/L | bgl1 bgl2 bgl3 bgl4 bgl5 bgl6 bgl7 bgl8 bgl9 bgl10 bgl11 |
Eos | eos0-pub eos1-pub |
Gauss | gauss0 gauss1 gauss2 gauss3 |
Hera | hera0-pub hera1-pub hera552-pub hera553-pub hera840-pub hera841-pub |
Hopi | hopi1 hopi2 hopi3 hopi4 |
Juno | juno0-pub juno1-pub juno552-pub juno553-pub juno576-pub juno577-pub juno1128-pub juno1129-pub |
Minos | minos0-pub minos32-pub minos512-pub minos544-pub minos576-pub minos608-pub |
Prism | prism0-pub prism1-pub |
Purple | ascpurple1 ascpurple2 ascpurple3 ascpurple4 |
Rhea | rhea0-pub rhea32-pub rhea512-pub rhea544-pub |
Tempest | tempest01 tempest02 |
ubgl | ubgl1.llnl.gov ubgl2.llnl.gov ubgl3.llnl.gov ubgl4.llnl.gov ubgl5.llnl.gov ubgl6.llnl.gov |
uP | up |
Yana | yana1 yana2 yana3 yana4 |
Zeus | zeus286-pub zeus287-pub |
Login methods vary, depending upon where you are coming from and where you want to go. The instructions below assume that the Access Prerequisites have been met. All access requires SSH (version 2) as described in Using SSH to Access LC Machines.
LLNL OCF (Unclassified) Systems | ||
---|---|---|
From | Inside LLNL | ssh loginmachine User ID: LLNL userid Password: LLNL PIN + OTP |
LANL/Sandia | ssh -l llnl-username loginmachine.llnl.gov Password: LLNL PIN + OTP |
|
Outside LLNL | Start VPN ssh loginmachine.llnl.gov User ID: LLNL userid Password: LLNL PIN + OTP |
|
LLNL SCF (Classified) Systems | ||
From | Inside LLNL | ssh loginmachine User ID: LLNL userid Password: LLNL PIN + OTP or Static SCF password |
LANL/Sandia | Authenticate locally with credential forwarding (kinit -f) using your LANL/Sandia password ssh -l llnl-username loginmachine.llnl.gov No user ID or password required |
|
Other DOE Sites | ssh loginmachine.llnl.gov User ID: LLNL userid Password: LLNL PIN + OTP or Static SCF password |
Whenever you log in to an LC system, you are placed onto a login node. These nodes are dedicated to serving interactive activities such as file editing, launching batch jobs, compiling, file transfer, debugging and other short duration activities. At any one time, there may be multiple users on a login node.
These nodes should not be used to run parallel and/or production jobs! By doing so, you may seriously degrade the performance of others' interactive work. Be sure to use nodes designated for interactive or batch production work to run jobs.
For more information about the differences between login nodes and nodes designated for production work, please see the Login Nodes section of the "Introduction to Livermore Computing Resources" tutorial and the Running Jobs section of this Computing Web site.
Both LANL and Sandia classified Tri-lab systems support Kerberos passwordless SSH access from LLNL. Unclassified access requires the use of a LANL or Sandia CRYPTOCard. Consult the Sandia Access Instructions or the LANL Access Instructions.
Files may be transferred using Hopper, SCP, FTP, SFTP, NFT, or HTAR. On some systems, XFTP and XDIR are also available. For more details, see the File Transfer and Sharing section of Introduction to Livermore Computing Resources.
Open Terminal Server (OTS) Access
LC provides dial-up telephone access
to llnl.gov resources as if you are on site. For more information see
https://access.llnl.gov/ots_access/brief.html
Foreign Nationals at LLNL
There are additional access policies and restrictions for Foreign Nationals.
See
Foreign Nationals at LLNL for details.
Access to LLNL Unclassified Restricted Servers
To request access to restricted network servers, see Obtaining
Access to the LLNL Restricted Open (Yellow) Network.