To gain access to Ramses, you need to fulfill three requirements (in any order):
To gain access to Ramses, you need to fulfil three requirements (in any order):
- apply for a project
- apply for a project
- secure the connection with SSH keys (first factor)
- secure the connection with SSH keys (first factor)
...
@@ -56,7 +56,7 @@ New users can apply for a trial account with limited core/GPU hours without a pr
...
@@ -56,7 +56,7 @@ New users can apply for a trial account with limited core/GPU hours without a pr
### 2.1 Multi-factor-authentication
### 2.1 Multi-factor-authentication
For security reasons, you can't login with a combination of username and password. Instead, we use a system called **Multi-Factor-Authentication** (MFA, sometimes 2FA for two-factor), meaning you need to prove your identity with two different (as in different systems/locations) 'factors':
For security reasons, you can't login with a combination of username and password. Instead, we use a system called **Multi-Factor-Authentication** (MFA, sometimes 2FA for two-factor authentication), i.e. you need to prove your identity with two different (as in different systems/locations) 'factors':
- The first factor is given by the SSH public key. Please send your SSH _public_ key to the HPC team. You can find general information on public key authentication [here](https://www.ssh.com/academy/ssh/public-key-authentication).
- The first factor is given by the SSH public key. Please send your SSH _public_ key to the HPC team. You can find general information on public key authentication [here](https://www.ssh.com/academy/ssh/public-key-authentication).
- The second factor involves the [Cisco Duo app](https://duo.com/product/multi-factor-authentication-mfa/duo-mobile-app). To use it, you will need to enroll your account, see [cisco-duo-setup.pdf](uploads/cd518a29f4362a9383c7345a975ed065/cisco-duo-setup.pdf) .
- The second factor involves the [Cisco Duo app](https://duo.com/product/multi-factor-authentication-mfa/duo-mobile-app). To use it, you will need to enroll your account, see [cisco-duo-setup.pdf](uploads/cd518a29f4362a9383c7345a975ed065/cisco-duo-setup.pdf) .
...
@@ -68,12 +68,12 @@ After you have successfully enrolled in Cisco Duo and prepared your SSH key pair
...
@@ -68,12 +68,12 @@ After you have successfully enrolled in Cisco Duo and prepared your SSH key pair
cat ~/.ssh/id_ed25519.pub # copy-paste and send to hpc-mgr@uni-koeln.de
cat ~/.ssh/id_ed25519.pub |# copy-paste and send to hpc-mgr@uni-koeln.de
# Procedure for circumventing passphrase at ssh-login (optional):
# Procedure for circumventing passphrase at ssh-login (optional):
eval "$(ssh-agent -s)" # set ssh-agent's environment variables
eval "$(ssh-agent -s)" |# set ssh-agent's environment variables
ssh-add ~/.ssh/id_ed25519 # provide private-key identity to agent
ssh-add ~/.ssh/id_ed25519 |# provide private-key identity to agent
ssh-add -l # list managed identities (should show at least one entry)
ssh-add -l |# list managed identities (should show at least one entry)
# Done, or keep reading below for more details
# Done, or keep reading below for more details
```
```
There is always a private (as in **private - don't share, don't give away**) and a public key in an SSH key pair. As with physical keys, one does not want to share private keys or leave copies thereof in other locations/computers. Instead, create new SSH key pairs on each frequently-used host. Let's outline a **3-step procedure** to get you "keyed-in".
There is always a private (as in **private - don't share, don't give away**) and a public key in an SSH key pair. As with physical keys, one does not want to share private keys or leave copies thereof in other locations/computers. Instead, create new SSH key pairs on each frequently-used host. Let's outline a **3-step procedure** to get you "keyed-in".
