Two Factor for firewall opening
It is possible to temporarily add new IPs to the firewall by using
Two Factor Authentication. This enables users participating in
conferences, or visiting colleagues, to temporarily open the firewall
from a new IP.
Note: This needs to be configured on a frontend - so do this in advance!
Prerequisite
The setup requires a second factor (phone/tablet/smartwatch) that can
store the secret and display the One Time Password on request. We have
tested FreeOTP and Google Authenticator, which can be installed on both
Android and Apple iPhone/iPad (Footnote: With iPadOS 13.2, it has been
necessary to remove and reinstall the app to change/update the secret!)
- Do *not* be tempted to install FreeOTP on your computer .. it defeats
the purpose of Multi Factor!
Setup
While connected to a frontend, run the command
hpc-gen2FA
- it will generate a secret and present the QR-code:
$ hpc-gen2FA
A new secret has been generated - enter your LDAP password to activate
the new two factor secret .. this will remove/replace ANY old secrets!
Enter LDAP Password:
Note: Your LDAP Password is your normal password.
You can test your app with this picture - it should say "exampleUser"
and the password should change every 30 seconds.
Usage - Linux/Mac/Windows Subsystem for Linux
To use the One Time password to open the firewall, simply ssh from your
local computer to the machine "otp.hpc.ku.dk" and enter your normal
password and the One-time password when prompted:
% ssh put-your-HPC-username-here@otp.hpc.ku.dk
Password:
One-time password (OATH) for `put-your-HPC-username-here':
Last login: Fri Nov 1 15:22:12 2019 from somewhere.dk
--== Welcome to HPC/UCPH ==--
Your current IP has been registered and will be added to the firewall
within the next few minutes!
You should be able to connect to any frontend until Sunday.
HPC/UCPH Support
Connection to otp.hpc.ku.dk closed.
There is a delay of a few minutes between authenticating to the service
and the temporary IP being known to the firewall.
Usage - PuTTY
With PuTTY on your local Windows machine, the screens look like this:
- Set "otp.hpc.ku.dk" as the hostname
- Select "Never" in "Close window on exit"
The first time you connect, you need to accept the host key
- check it on the page about ssh.
PuTTY will ask for
- your username (replace 'put-your-HPC-username-here' with your actual username),
- your password
- the one-time password from the app
If username, password and One-time Password are accepted,
you should get this message from the server.
Notes
The One-time password might depend on your timezone .. we have
successfully tested this while in a different timezone - but only with
phones with Danish SIMs.
We hope you will find this useful! :-)