Skip to end of metadata
Go to start of metadata

Computerome requires 2-Factor authentication for access, using Entrust IdentityGuard Mobile app from Google Play or Apple App Store.

Courses

Need help try a course




SSH login to Computerome 2.0

Authorized users of Computerome 2.0 may log in using SSH version 2 to the interactive front-end node ssh.computerome.dk. 

Computerome 2.0 requires two-factor authentication for access:

  • Your user name is sent to you in email.
  • For first-factor authentication, use the temporary password sent to you in SMS. Change it at first login using passwd command.
  • For second-factor authentication, use:
    • either the passcode sent to you in SMS at login attempt (the default option),
    • or install the Entrust IdentityGuard Mobile app on your mobile to receive and approve push notifications. This is how you set up the soft token.


In Computerome 2.0, no other software token (e.g Google Authenticator) is available for second factor authentication, than Entrust IdentityGaurd Mobile app. 


Please note: lifsci is fictional user for educational purposes. Please replace it with the username sent to you - <username>@ssh.computerome.dk

ssh lifsci@ssh.computerome.dk
 
#############################################################
#                                                           #
#                 Welcome to Computerome 2.0                #
#                                                           #
#                         NOTICE !!!                        #
#        This system requires 2-factor authentication       #
#                                                           #
#       To login, type your password and press Enter.       #
#     This sends either an SMS passcode to your mobile      #
#    or a push-notification to Entrust IdentityGuard app.   #
#   If the push-notification times out, a new prompt line   #
#    asks for the 8 digit security code shown in the app.   #
#                                                           #
#           BY LOGGING INTO THIS SYSTEM YOU ACCEPT          #
#         COMPUTEROME'S TERMS AND CONDITIONS OF USE.        #
#                                                           #
#############################################################
 
Password: #Type your password here and press Enter, this will trigger the second-factor authentication and the cursor will pop up in the next line.
 
_ #Confirm the second-factor authentication request here by either entering the passcode received in SMS or confirming the Entrust push-notification on your mobile.
 
Enter a response from your token with serial number 06679-04429. #Pops up only when the Entrust push-notification times out. Type the 8 digit Entrust pascode here and press enter.
 
Last login: Fri Jan 10 12:10:38 2020 from <some IP address>
 
[lifsci@g-12-l0002 ~]$

Windows PC users

Windows PC users are recommended to use the free Windows SSH client PuTTY for command-line SSH login to Computerome. If you need to display graphical tools from Computerome on your Windows PC, PuTTY will forward your X11 (a.k.a. X-Windows) display onto your PC.

However, in order to Windows to actually display X11, you need to install an X11 server on your PC. Please, see the excellent X11 on Windows page on Niflheim Wiki for further information.

Several commercial solutions are also available, some even provide bundled SSH and X11 functionality - such as MobaXterm for instance.

MobaXterm and 2-factor authentication

MobaXterm does not "play nice" with 2-factor authentication.

Per default, MobaXterm will open an embedded SFTP browser (called SSH-browser) when you start the terminal; this does not work with 2-factor authentication, since it means that you will attempt to start two different connections simultaneously, resulting in unwanted behavior in your login.

To avoid this, you need to make the following changes to MobaXterm:

Settings => Configuration => SSH

SFTP settings
[ ] Enable graphical SSH-browser									<-- must be unchecked
[ ] Automatically switch to SSH-browser tab after login				<-- must be unchecked

Sessions settings
[V] Use 2-factor authentication for SSH gateways                    <-- must be checked 

You should always create a new connection in MobaXterm by clicking

Session => SSH/SFTP/SCP/<whatever>

Copy and paste problems on Computerome X applications when using Xquartz server on Mac

Ensure that your XQuartz → Preferences → Pasteboard settings are:
Enable syncing: y
Update Pasteboard when CLIPBOARD changes: n
Update CLIPBOARD when Pasteboard changes: y
Update PRIMARY (middle-click) when Pasteboard changes: y
Update Pasteboard immediately when new text is selected: n


If you try using ssh-type commands in the MobaXterm terminal window, 2-factor authentication will fail.

SFTP Client Configurations

In order to use most FTP/SFTP clients on a 2 factor system you will need to limit the maximum simultaneous connections to avoid multiple login prompts. You should also set up Entrust as your Two-Factor Authentication method. 
Here you can see how to setup the mostly used clients. 

Filezilla - free FTP solution

Changes has been made in recent versions which means that Quickconnect no longer works with 2 factor authentication

GLOBAL
Go to Edit->Settings->Transfers 
Change Maximum simultaneous transfers to 1
SITE PROFILE / BOOKMARK
Go to File->Site Manager->(your profile)->Transfer settings
Check Limit number of simultaneous connections
Change Maximum number of connections to 1
Change Login type to Interactive

WinSCP - Free SFTP. SCP, S3 and FTP client for Windows

Seems to be a good solution for Windows.

Cyberduck - storage browser for Mac and Windows

The current Cyberduck version works with our Two-Factor Authentication as long as it is Entrust. 

GLOBAL
Go to Edit->Preferences->Transfers
Change Transfer Files to Use browser connection
SITE PROFILE / BOOKMARK
Right click your profile and select Edit Bookmark
Change Transfer Files to Use browser connection

Login access restrictions

Please note that for reasons of security, SSH login access is only possible from the known Internet domains of authorized users.

If your connection terminates unexpectedly

If you are connecting to Computerome though a slightly unstable connection (Internet/WAN/similar), you may experience that it terminates with messages like

packet_write_wait: ... Broken pipe error.
In such a case you could try adding the following to your ~/.ssh/config
ServerAliveInterval 60
If you are on Windows, using PuTTY, the equivalent is to set
PuTTY Configuration => Connection => Seconds between keepalives (0 to turn off): 60


Virtual desktop

Computerome 2.0 provides a virtual desktop solution based on Cendio ThinLinc. For Computerome 2.0 you need to download the regular ThinLinc client from Cendio’s website - as opposed to the customized ThinLinc clients used for Computerome 1.0. 

To install your ThinLinc client, download the suitable installation file and follow the wizard. Type desktop.computerome.dk into Server field. Provide your Computerome 2.0 user name and password and press Connect.



Press Continue, when the below window pops-up.


Press OK in the Login Banner window. After this a pop-up window will request the pass code for the 2-factor authentication.



Desktop login to Computerome 2.0

Computerome 2.0 provides a virtual desktop solution based on Cendio ThinLinc

ThincLinc Clients for Computerome 2.0

Thinlinc Client is available from Cendio download page


Several users experience that Gnome UI/UX runs very slow in Thinlinc. It is recommended to use other alternatives, such as Mate.

Loading anaconda module in your login environment will conflict with ThinLinc login, causing messages such as "Could not acquire name on the session bus" - please ensure that your do not do this, if you plan to use ThinLinc.

If you get the message "no password configured for VNC Auth", you need to select the following in the ThinLinc Client startup:
[ v ] End existing session


Two-factor authentication


Computerome 2.0 requires two-factor authentication for access:

  • User name is sent to you in email.
  • For first factor authentication, use the temporary password sent to you in SMS. Change it at first login using passwd command.
  • For second factor authentication, use:
    • Either the passcode sent to you in SMS (the default option)
    • Or install the Entrust IdentityGuard soft token on your mobile.


In Computerome 2.0, no other software token is available for second factor authentication, than Entrust IdentityGaurd Mobile app.   


Setting up the Entrust IdentityGuard soft token


On your mobile phone:

1. Open Google Play or Apple App Store, and install the Entrust IdentityGuard Mobile app.

On your computer:

2. Open a web browser and go to: https://ssm.computerome.dk/IdentityGuardSelfService/authenticate/firstFactorAuthentication

3. Click on the “Let me use an OTP to log in” link in the bottom line.

         


It takes app. 10 minutes for the script to enable OTP after user activation. In case you get the below error message 10 minutes after you received the welcome mail, contact computerome@dtu.dk.

4. Type your personal Computerome 2.0 user name (sent to you in mail) into the User Name field. Press OK.

          

5. Click OK to the OTP (one-time password). This will send a code to your mobile phone in SMS.

          

6. Type the code received in SMS into the field. Press OK.

         

7. Press Yes in the next panel, as you already installed Entrust IdentityGuard Mobile application on your mobile phone in the very first step.

         

8. Select option 3 in the next panel saying, “I want to activate a soft token identity on a mobile device that may not be connected to the internet”. Press Next. The QR code will pop up in the browser.

On your mobile phone:

9. Open the Entrust IdentityGuard Mobile app on your mobile phone.

10. In the top left corner open the menu and select Scan QR Code menu item. This will activate the camera on your phone.

11. Use the camera to scan the QR code displayed in the web browser on your computer. When the mobile app reads to QR code, a field for the password pops up.

12. Enter the code in red letters displayed below the QR code in the web browser on your computer. Press OK.

13. The Activation Summery shows up in your app. Press Activate in the upper right corner.

14. Create the four digit PIN for accessing the Entrust IdentityGuard Mobile app on your mobile in the future.

15. You have successfully activated the soft token on your mobile phone.

16. The generated security code for the second factor authentication is shown in the mobile app.


On your computer:

17. Press Next in the browser. The below message is expected to be displayed in the browser.

18. Press Next, then Done in the browser. The soft token has been successfully activated. You may close the browser.



Working in projects


Background

Every user on Computerome has a HOME directory (/home/people/<user>), which contains for instance environment setup and everything else which is considered strictly user specific. For security reasons, HOME directory permissions are set (and enforced) so that only the user has access. Home directories are free of charge and limited to 10 GB. 

$ ls -ld /home/people/lifsci
drwx------ 5 lifsci lifsci 235 Jun 24 10:17 /home/people/lifsci

Because users will sometimes switch projects, graduate, change employment, etc., no project data or anything else project related should ever be kept in the HOME directory, but must be maintained in the Projects structure.

Projects in Computerome are identified by the following information:

  • <PROJECT>
    How the project is known to the world; usually also funding the project.
  • <project_NAME>
    How the project is referenced in DTU and Computerome; also the top-level name for the projects directory structure
  • <group_NAME>
    Official id assigned for the project by DTU Basen; this <group_NAME> is also the UNIX group, that controls the projects access to resources.Each individual <user> must be a member of Unix group <group_NAME> to be able to access data and submit jobs in the project.Individual <user>'s are added to or removed from Unix group <group_NAME>, depending on whether they should work in the project or not.

It is recommended, that <project_NAME> corresponds to the <PROJECT> that is funding the project.

In most cases (but not always) <group_NAME> and <project_NAME> will be the same, and have a format similar to pr_xxxxx or ku_xxxxx; for example pr_12345.
The simplest way to make sure is to first check your group memberships with the id command, and look for group(s) that do not match uid/gid:

$ id
uid=12321(lifsci) gid=12321(lifsci) groups=12321(lifsci),2345(pr_12345),4321(pr_54321)


and then look for those groups in the /home/project/ directories:

$ ls -l /home/project | grep -e pr_12345 -e pr_54321
drwxr-x---   8 lifsci   pr_12345   147 Jan 19 12:45 pr_12345
drwxr-x---   4 lifsci   pr_54321    48 Sep 26 12:27 pr_54321

To give <user> access to cluster data, batch jobs must be submitted with parameters '-W group_list=<group_NAME>' and '-A <group_NAME>' , where '-A' supplies account information for use in Moab Accounting Manager (MAM).



Project file structure

New projects are created with the following default directory structure:

/home/projects/<project>
./apps
./apps/modulefiles
./archive
./data
./people/<user>
./scratch

The recommended usage is as follows:

  • /home/projects/<project>
    projects HOME directory
  • ./apps
    project specific applications - used when the project, for whichever reason, can not use the standard application provided in for instance /services/tools.(Common candidates include: anaconda, perl, qiime, R, ncbi-blast, samtools, bamtools, bedtools, java)
  • ./apps/modulefiles
    project specific modulefiles./archive./dataproject specific data
  • ./people/<user>
    each project members private, project related stuff (data, scripts, etc.)
  • ./scratch
    temporary or easily re-creatable data - using this may significantly decrease size and improve speed of backups.
    NOTE: Will not be backed up and will not be archived with project.

This directory structure has been selected to ease close-down at the end of a project.


As Computerome 2.0 does not provide cold storage (data retention) services, the project owners are expected to remove retired data from Computerome 2.0 after computation completion or project termination.



Database structure

Computerome also supplies access to a series of read-only reference databases.

/home/databases



Available software

Software installed on Computerome is managed through Environment Modules, invoked by the 'modules' commands.

For further information, please see Installed Software page.


Running jobs


In general, and in the interest of the systems stability, jobs should not be run on the login node – it is only used as a platform to submit jobs into the high-performance cluster.

Compute resources in the cluster is accessed through a batch system, consisting of Moab Workload Manager and Torque Resource Manager.

Submitting jobs from the login node is described in Batch System.


Available software

Software installed on Computerome is managed through Environment Modules, invoked by the 'modules' commands.

For further information, please see Installed Software page.


Getting information about your usage of Computerome

To inquire about your usage of Computerome, you can run the usage command, available through the usage_script module

usage -u will provide information for yourself.

$ module load tools usage_script/2.0
$ usage -u
Usage report for <lifsci>
From 2016-01-04 to 2016-05-30
Account          CPU Hours       Jobs
-------------------------------------
pr_12345:         14832.89         13
pr_23451:         13018.72       2347
pr_34512:         26585.01        729
pr_45123:        264068.02       3248
-------------------------------------
Total:           318504.64       6337

usage -a <account> will provide information for any account you are member of.

$ usage -a pr_45123
Usage report for pr_45123
From 2016-01-03 to 2016-05-30
Users            CPU Hours       Jobs
-------------------------------------
<lifsci>:        264068.02       3248
<user1>:            521.38        552
<user2>:          14980.62       5599
<user3>:         282747.90       5867
-------------------------------------
Total:           610066.25      43674


Courses

Option 1: Hackinars in Computerome

Try the self-help guide from the Hackinars in Computerome

Hackinars_in_Computerome-wiki.pdf

Hackinars_in_Computerome-wiki.pptx


Computerome Workshops

ComputeromeUserWorkshop_SlideDeck_10:03.pdf


Option 2: Contact Computerome

Computerome organizes courses on request - Contact 




Reporting problems

Please report problems to Computerome support.