Child pages
  • Logging In

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If you ever close your Hyak account, you can return your unused token either via campus mail to AdminApp, Box 359540, or by dropping it off at UW Tower C-3000.

 


Background

The sshd configuration on the Hyak login nodes require two factor authentication. Two factor authentication requires you to provide your username and password (things you know), along with a one-time password generated by a hardware token or your phone (something you have). We have configured Hyak to use two factor authentication to reduce the threat to the system from break in attempts using stolen passwords or brute force.

...

Hyak and lolo are configured to provide fast network access whether you connect from on or off campus. For this to work, you should allow your workstation to get its DNS configuration automatically from the DHCP service on your network whether you connect from on or off campus. (don't worry if you don't know what DNS or DHCP mean). Please check your DHCP configuration if you have trouble connecting to Hyak.

Some groups have nodes on both ikt.hyak and mox.hyak. Some groups have nodes only on one of ikt.hyak or mox.hyak. Ask an experienced user in your group to find out which one you should use.

Use ssh (v2) client to get a shell on the mox.hyak head node, e.g. from command line:

To connect to iktmox.hyak:

No Format
 ssh -X yourUWnetid@iktyourUWnetid@mox.hyak.uw.edu

To connect to mox.hyak

ssh -X yourUWnetid@mox.hyak.uw.edu

 


The "keyboard-interactive" authentication method must be present in the list of authentication methods that your client tries.

You will be required to provide two factors for valid authentication. The two factors are your UWNetID password and a pseudorandom number from Duo. Effectively this means you will be presented with a typical password prompt and an additional prompt to enter the number from Duo:

Password:

Duo passcode:

 


This prompt, (unlike the password prompt) will echo the pseudorandom number that you enter.

...

The authentication method that implements two factor authc, "keyboard-interactive", is only available on clients that speak the SSH-2 protocol.  Older UW-branded Teraterm speaks only SSH-1, and will not work for getting in directly to hyak in one hop. Users of older UW teraterm should install a newer ssh client.  See https://itconnect.uw.edu/wares/uware/putty-software/ for one option.

 


Shells

By default users are set up with the bash shell. We recommend bash unless a user is sufficiently advanced to troubleshoot all of their own shell issues. For the complexity of things people typically do in their login scripts, there's little difference between shells. There's also little difference in interactive features between any of the shells at this point. Your shell becomes even less relevant if you're following best practices and using Environment Modules.

...

Users need to do all their interactive work, including compiling and building software, on the compute nodes (n####)  or on the build nodes and NOT on the head/login node (ikt.hyak.uw.edu or mox.hyak.uw.edu). The login nodes are for interacting with the scheduler and transferring data to and from the system. See below link for how to get a build node or a compute node:

Mox_scheduler