Starting on January 15th 2024 users must use multi-factor authentication (MFA) to connect to the cluster. You will be required to have at least one second authentication factor configured in the RegApp.

Whenever you log into the high performance compute cluster on a node that has MFA enabled for the first time in a certain time period – currently 10 hours – you will be asked to enter all types of identification, i.e., Username/Password, SSH key (if applicable), and Second Factor of choice. After this first login, further logins differ depending on whether or not you have SSH-authentication enabled.

You first need to select one of the login nodes to connect to. With SSH you will then be asked for either:

• Your username and password (ab123456 and associated HPC RegApp password)
• Your password to your local private key when using SSH Private/Public Keys.

Please note that only certain ciphers are active for ssh connections due to security reasons.

Using SSH

For example, for OpenSSH, the standard Linux ssh client:

ssh -l <your_userid> login18-1.hpc.itc.rwth-aachen.de

Instead of login18-1 you can use any of the login nodes.

Using Username/Password

You can use your Unix password (which you can change in the RegApp) and your Second Factor of choice (which you can manage in the RegApp) every time you open a new session.

Using SSH Key-pairs

If you have associated an SSH public key with your HPC account and have at least one corresponding private key file on the system used to access the HPC cluster, all further logins within this certain time period will only require SSH-authentication. Strong passwords may be cumbersome to use in everyday cluster access. Help comes in the form of an ssh-agent.

• Linux:
  $ eval `ssh-agent`
$ ssh-add ~/.ssh/id_ed25519
   
• Windows: Use PuTTY Pageant:
  
  
  

In the case that you are running an ssh-agent in the background to manage your private key password, you will be directly authenticated, otherwise, you will be prompted for the password of your private key file when opening a new session.

Note: Access to the login nodes requires password and second factor on first connection within a certain time frame. If you use an ssh config file (a file in your ".ssh" folder named "config"; for more info query your preferred search engine or start here), make sure that for this domain (e.g., *.hpc.itc.rwth-aachen.de) you are not using the public key as your preferred authentication method (i.e., do not set "PreferredAuthentications publickey" for this domain). Doing so will prevent the password request and thus login.

Active SSH Ciphers

Only  these ciphers are active for security reasons:

gss-curve25519-sha256- gss-group16-sha512- gss-group14-sha256- gss-nistp256-aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctrmacs hmac-sha2-512 hmac-sha2-256 umac-128@openssh.com curve25519-sha256 curve25519-sha256@libssh.org diffie-hellman-group18-sha512 diffie-hellman-group16-sha512 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha256 ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256