Logging On or Connecting

Logging on to a Melbourne Bioinformatics (formerly VLSCI) computer

Compute jobs on Melbourne Bioinformatics computers are launched from the Unix command line. In order to access the Unix command line you must first log onto one of the Melbourne Bioinformatics computers. The process of logging on establishes a connection between your own computer and one of the computers at Melbourne Bioinformatics. Note that you must connect with a terminal session at least once before using tools that may, for example, copy files to your home directory. This is because that first connection is necessary to initialise your home directory on that particular system.

Secure shell (ssh)

To log on to our computers you must use the ssh (secure shell) protocol. This allows you to type commands in a window on your local computer and have them executed on a Melbourne Bioinformatics computer. To log on to a Melbourne Bioinformatics computer using ssh you must specify the fully qualified name of the computer. Melbourne Bioinformatics currently has two computers available to users: Snowy and Barcoo. Their fully qualified names are shown below:

The choice of which particular Melbourne Bioinformatics computer to use will depend on the job that you want to run and the resources allocated to your project. Consult with your project leader if you are not sure which computer to use.

Password authentication

If you do not have an ssh key, you can authenticate your ssh session using your password.

$ ssh myaccount@snowy.melbournebioinformatics.org.au
myaccount@snowy.melbournebioinformatics.org.au's password:
Last login: Thu Feb  9 15:22:56 2017 from 1.2.3.4

      WELCOME TO SNOWY - THE VLSCI LENOVO NEXTSCALE CLUSTER

Note that it was necessary to type the password when prompted, but the characters typed were not echoed (shown on screen).

Public key authentication

Another way to authenticate your ssh session is to use ssh keys.

Generating keys

You will need an ssh key pair. To generate one, use ssh-keygen. You can specify how long your ssh key should be using the -b argument. Longer is better, and nowadays a good value to use is 4096 or 8192. By default your new ssh keypair will be created in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).

If you use multiple remote systems, it's a good idea to use a separate key pair for each. To do this you will need to use a different name for the key pairs which can be done using the -f argument to ssh-keygen.

In this example we'll use both the -b and the -f arguments and generate a strong key pair to use specifically for Melbourne Bioinformatics systems

$ ssh-keygen -b 8192 -f ~/.ssh/melbioinf_id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/myaccount/.ssh/melbioinf_id_rsa.
Your public key has been saved in /home/myaccount/.ssh/melbioinf_id_rsa.pub.
The key fingerprint is:
SHA256:kwDeMzEP/QA1NtyL8reUT+FpqbqL78IcIVrGzI4u/Bk myaccount@mylocalsystem
The key's randomart image is:
+---[RSA 8192]----+
|    . ===.       |
|   . o *+o.      |
|   +. = .+ .     |
|    B o+..o .    |
|   * . +S  o +   |
|  o . . ..+ *    |
|.. E o . o *     |
|... o +.  o .    |
| ..o  .+*+       |
+----[SHA256]-----+

Notice that you are asked to enter and confirm a passphrase, and that the characters entered here are not echoed (shown on screen). The passphrase is used to encrypt your private key. Without it, an attacker may be able to make a copy of the private key file from your computer and gain access to your account. We require that you encrypt any private keys used to connect to Melbourne Bioinformatics systems. Please see our notes on protecting your private keys for more information.

Once complete you can see your new shiny new ssh keys sitting on disk:

$ ls .ssh
.ssh/melbioinf_id_rsa
.ssh/melbioinf_id_rsa.pub

Installing your public key

Your private key is private, and you shouldn't transmit it across any network. Your public key will need to be added to the remote systems you are using in order for key authentication to work. The public key should be appended to ~/.ssh/authorized_keys.

All Melbourne Bioinformatics clusters use the same disk system and your home directory is the same on each. So if you add your key once to snowy, you will also be ready to use key authentication for barcoo.

To copy your key you could try:

ssh-copy-id -i ~/.ssh/melbioinf_id_rsa.pub myaccount@snowy.melbournebioinformatics.org.au

This will require password authentication to make the copy, but if it is successful, subsequent authentications will be done via key authentication.

Note that some versions of Mac OS X do not include ssh-copy-id. In this case you may need to load the key more manually:

$ scp ~/.ssh/melbioinf_id_rsa.pub myaccount@snowy.melbournebioinformatics.org.au:
$ ssh myaccount@snowy.melbournebioinformatics.org.au
Password:
$ mkdir -p .ssh
$ chmod 700 .ssh
$ cat melbioinf_id_rsa.pub >> .ssh/authorized_keys

Using keys

When authenticating to a remote system, ssh will automatically try to authenticate using the ssh key at the default location, ~/.ssh/id_rsa. If you have named your key differently you can indicate this with the -i argument:

$ ssh -i .ssh/melbioinf_id_rsa myaccount@snowy.melbournebioinformatics.org.au

To avoid having to specify the key every time you ssh, you can add a stanza like the following to your ~/.ssh/config file:

Host snowy.melbournebioinformatics.org.au
    IdentityFile ~/.ssh/melbioinf_id_rsa

Handling ssh passphrases

Assuming you have generated a key pair and copied the public key to the correct place in your home directory, you should now be able to authenticate using public key authentication.

$ ssh myaccount@snowy.melbournebioinformatics.org.au
Enter passphrase for key '/home/myaccount/.ssh/melbioinf_id_rsa':

During this process, the private key must be decrypted. In order to do this, the passphrase for your private key must be entered. If this was required for every single ssh connection, it would feel much like authenticating with a password. Fortunately, this can be made easier.

In GNOME or Mac OS X, the first connection will prompt you for the key. The OS will then cache this key for a period of time. GNOME will generally offer a graphical prompt for the passphrase and then keep the key cached until you log out. Mac OS X in older versions did the same, but in the latest version it instead (by default) saves your passphrase into the Mac OS X keychain.

Other desktop enviroments handle this differently, so you may need to check your local documentation.

You can also run your own ssh-agent manually to hold a copy of your decrypted private key in memory. Check the ssh-agent documentation for more details of this approach.

Once you have an agent caching your ssh key, new connections don't prompt you at all:

$ ssh myaccount@snowy.melbournebioinformatics.org.au
Last login: Thu Feb  9 16:08:53 2017 from 1.2.3.4

      WELCOME TO SNOWY - THE VLSCI LENOVO NEXTSCALE CLUSTER

Microsoft Windows Users

Windows users can use putty for ssh connections. Click the 'download' from the top of that page, right click "putty.exe" and select "save as", save it on your desktop. There are a number of other versions and tools there, you probably don't need them. Double click the putty icon you have just saved and a config screen will open. When working with putty, its useful to have a "saved Session" to remember your settings. Lets make one to connect to Barcoo. Enter "barcoo.melbournebioinformatics.org.au" into the hostname field and enter "Barcoo-Melbourne Bioinformatics" in the Saved Session field, Click the Save Button. You can now initiate a connection to Barcoo by double clicking the "Barcoo-Melbourne Bioinformatics" entry in Saved Sessions list. You can add addition sessions or choose particular setting for a saved session in a similar manner.

Windows users will use WinSCP. From that website, click "Go to download page", click "portable executable" (it won't need admin assistance to install). It downloads as a zip file, open the zip and copy the file called winscp.exe to your desktop (and perhaps read the one called license). Double click the file you just made on the desktop and you'll get a config page. Enter barcoo.melbournebioinformatics.org.au into the hostname field and your user name into the User name field (security requires me to ask you not to enter your password at this stage). Click save and probably accept the suggested name. Now you can use that name to start an SCP session, note the first time you do, you may get a warning about "server host key", this is because its the first time the two computers have met, its quite safe to proceed.

Note that you cannot use WinSCP if you have never connected using a terminal session, the terminal session (using for example, Putty) is necessary to initialise your home directory.

Linux Users

Linux users can use ssh directly from the command line (but remember, ssh in at least once before copying files to a particular machine).

ssh barcoo.melbournebioinformatics.org.au
scp myfile myname@barcoo.melbournebioinformatics.org.au:myfile

Mac OS X Users

ssh is installed by default on Mac OS X. To use it you need to open the Terminal application, which is found under Applications - Utilities (or search for Terminal in the spotlight utility). The terminal gives you access to the Unix command line, from which you can invoke the ssh command.

General Notes

You should be able to connect from anywhere you have a normal network connection. However, some organisations block outgoing ssh connections so if you do not see the password prompt, its worth checking with you local IT department to see if you can have the appropriate network ports opened up or need to use a proxy.

Using X Windows

It is possible to send an X Windows screen back to your desktop. You will need to have what is called an XServer running on your desktop; for Linux and MacOSX before 10.8 (Mountain Lion) it is built in.

For MacOSX 10.8 (Mountain Lion) you will need to install Xquartz and Microsoft Windows users will need to install something like XWin32 (commercial) or XMing.

Xming is a great product if a little difficult to find the download links, look for the "Releases" block of table near top of page, and click the "Xming" link in the "Public Domain Releases" table (unless you want to go the donation path). Let the download happen and then grap the Xming-fonts from the same place. Many users will find that they need Admin help to install both.

The most common way to work is to connect to the remote Melbourne Bioinformatics machine using putty (Windows) or the ssh command line (Mac or Linux) and then start a GUI application (such as nedit) and have it display on your desktop. Don't forget to turn on XForwarding in putty or use the -X or -Y command line switches if using command line ssh. Your local XServer that runs on your desktop then need only accept connections from localhost your local putty or ssh session.