
Account Setup

Only account sponsors may request accounts for users. If your account sponsor has not indicated they have set up an account for you, we cannot enable your account. You are required to have a UW NetID to access Hyak.

Once your account sponsor notifies you that your NetID has been set up for access, you'll have to subscribe to the service:

  1. Go to https://uwnetid.washington.edu/manage/?service
  2. Click the "Hyak Server" check box in the "Inactive Services" section.
  3. Click the "Subscribe >" button at the bottom of the page.
  4. Read the notice and click the "Finish" button.

Two-factor authentication (2FA)

Duo-Access

A two-factor token is required to log in to Hyak. Visit the IT Connect Two-factor authentication site and click the Set up a smartphone or tablet link or one of the other options.

Getting a Token

Alternatively, a hardware two-factor token can be used to log in to Hyak. Visit the IT Connect Authentication site and click the Security Token Request Form link. Fill out and submit the form.

Returning a Token

If you ever close your Hyak account, you can return your unused token either via campus mail to AdminApp, Box 359540, or by dropping it off at UW Tower C-3000.

 

Background

The sshd configuration on the Hyak login nodes requires two-factor authentication. Two-factor authentication requires you to provide your username and password (things you know), along with a one-time password generated by a hardware token or your phone (something you have). We have configured Hyak to use two-factor authentication to reduce the threat to the system from break-in attempts using stolen passwords or brute force.

Connect to Hyak

Hyak and lolo are configured to provide fast network access whether you connect from on or off campus. For this to work in both cases, you should allow your workstation to get its DNS configuration automatically from the DHCP service on your network. (Don't worry if you don't know what DNS or DHCP mean.) Please check your DHCP configuration if you have trouble connecting to Hyak.

Some groups have nodes on both ikt.hyak and mox.hyak. Some groups have nodes only on one of ikt.hyak or mox.hyak. Ask an experienced user in your group to find out which one you should use.

Use an SSH (v2) client to get a shell on the Hyak head node, e.g. from the command line:

To connect to ikt.hyak:

 ssh -X yourUWnetid@ikt.hyak.uw.edu

To connect to mox.hyak:

 ssh -X yourUWnetid@mox.hyak.uw.edu

 

The "keyboard-interactive" authentication method must be present in the list of authentication methods that your client tries.

You will be required to provide two factors for valid authentication. The two factors are your UWNetID password and a pseudorandom number from Duo. Effectively this means you will be presented with a typical password prompt and an additional prompt to enter the number from Duo:

Password:

Duo passcode:

 

This prompt (unlike the password prompt) will echo the pseudorandom number that you enter.

Your token can get out-of-sync if you generate ten consecutive numbers and do not use any of them to log in. If your token is out-of-sync, your login attempt will fail. You can reset your token on the UW Net ID Management page.

The authentication method that implements two-factor authentication, "keyboard-interactive", is only available on clients that speak the SSH-2 protocol. Older UW-branded Teraterm speaks only SSH-1, and will not work for getting in directly to Hyak in one hop. Users of older UW Teraterm should install a newer SSH client. See https://itconnect.uw.edu/wares/uware/putty-software/ for one option.
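
One way to confirm that an OpenSSH client will try "keyboard-interactive", as the connection instructions and the SSH-2 note above both require. This is an added example, not part of the Hyak documentation; it assumes an OpenSSH client that supports `ssh -G`, and the function name and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Hyak documentation).
# check_kbdint reads the output of `ssh -G <host>` (OpenSSH's dump of the
# effective client configuration) on stdin and reports whether the client
# will try the "keyboard-interactive" method.
# Real use:  ssh -G mox.hyak.uw.edu | check_kbdint
check_kbdint() {
    awk '
        # ssh -G prints one lowercase "keyword value" pair per line.
        $1 == "kbdinteractiveauthentication" { kbd = $2 }
        $1 == "preferredauthentications"     { pref = $2; have_pref = 1 }
        END {
            if (kbd == "no") {
                print "FAIL: KbdInteractiveAuthentication is disabled"
                exit 1
            }
            # The keyword is only printed when set; if absent, the OpenSSH
            # default method list (which includes keyboard-interactive) applies.
            if (have_pref) {
                found = 0
                n = split(pref, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] == "keyboard-interactive") found = 1
                if (!found) {
                    print "FAIL: PreferredAuthentications omits keyboard-interactive: " pref
                    exit 1
                }
            }
            print "OK: keyboard-interactive will be offered"
        }'
}

# Constructed samples of `ssh -G` output (trimmed to the relevant lines).
SAMPLE_GOOD='hostname mox.hyak.uw.edu
kbdinteractiveauthentication yes
preferredauthentications publickey,keyboard-interactive,password'

SAMPLE_BAD='hostname mox.hyak.uw.edu
kbdinteractiveauthentication yes
preferredauthentications publickey'

printf '%s\n' "$SAMPLE_GOOD" | check_kbdint
printf '%s\n' "$SAMPLE_BAD"  | check_kbdint || true
```

If the check fails, the usual cause is a PreferredAuthentications or KbdInteractiveAuthentication line in ~/.ssh/config that applies to the Hyak hosts.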

 

Shells

By default users are set up with the bash shell. We recommend bash unless a user is sufficiently advanced to troubleshoot all of their own shell issues. For the complexity of things people typically do in their login scripts, there's little difference between shells. There's also little difference in interactive features between any of the shells at this point. Your shell becomes even less relevant if you're following best practices and using Environment Modules.

If you opt to use a different shell than bash, you'll have to write your job scripts in your shell of choice, or add a line to your bash job scripts that loads the environment for modules: '. /etc/profile.d/modules.sh'

You can change your shell to bash with the chsh command on one of the login servers. Your shell will be immediately changed on the Hyak login servers, though it may take ten minutes to propagate this change to the compute nodes. You'll have to completely log out, then log back in again before you start using your new shell.

Shell Problems

If you encounter shell problems, please reset your login scripts using the procedure below. Depending on your existing login scripts, the commands below may produce a few errors. The procedure still works, however.

 login$ cd ~
 login$ mkdir OLDENV
 login$ for i in $(ls -A /etc/skel/); do mv -f "$i" OLDENV; done
 login$ cp /etc/skel/.* .
 login$ logout

You must log out completely of all sessions (if you don't need to retype your password, you've not completely logged out). You can then log back in with a fresh environment.

System Use

Users need to do all their interactive work, including compiling and building software, on the compute nodes (n####) or on the build nodes and NOT on the head/login node (ikt.hyak.uw.edu or mox.hyak.uw.edu). The login nodes are for interacting with the scheduler and transferring data to and from the system. See the link below for how to get a build node or a compute node:

Mox_scheduler

 
