Interactive login¶

Username lookup¶

Before you can log into an interactive session on HAICORE, you have to look up your login username. You can do so on FeLS by clicking on the Registry info link in the HAICORE service box:

The username can be found on the line Username for login:. In this example image, the username would be hgf_izc0875:

Recommended Tools¶

OpenSSH: Supports interactive logins and remote file transfers on a wide variety of operating systems, including Linux, Windows and macOS.
MobaXterm: supports interactive logins, remote file transfers and X11 forwarding on Windows.
FileZilla: supports remote file transfer on Windows/Linux/macOS.

After finishing the registration process, HAICORE is ready for your SSH based login.

Network access limitations

Please note that you have to be connected to an allowed network to access HAICORE. See the network access limitations section for more details.

A connection to HAICORE can be established using the following ssh command line (replace username with your actual username):

$ ssh username@haicore.scc.kit.edu

Host authenticity

When you log in, you may receive the message The authenticity of host '<host address>' can't be established. along with the host key fingerprint. This is intended so you can verify the authenticity of the host you are connecting to. Before you continue you should verify, if this fingerprint matches one of the following:

RSA: SHA256:p6Ion2YKZr5cnzf6L6DS1xGnIwnC1BhLbOEmDdp7FA0
ECDSA: SHA256:k8l1JnfLf1y1Qi55IQmo11+/NZx06Rbze7akT5R7tE8
ED25519: SHA256:yEe5nJ5hZZ1YbgieWr+phqRZKYbrV7zRe8OR3X03cn0

If you are using OpenSSH (usually installed on Linux based systems) and want to use a GUI-based application on HAICORE, an X11 forwarding can be established by adding the -X parameter to the ssh command:

$ ssh -X username@haicore.scc.kit.edu

The login node of HAICORE are the access point to the compute system and to your $HOME directory. HAICORE has one dedicated login node, for all incoming connections.

After the connection has been initiated, a successful login process will go through the following three steps:

The system asks for a One-Time Password. Generate one using the Software or Hardware Token registered on FeLS (see 2-Factor Authentication) and enter it after the Your OTP: prompt.
The systems asks for your service password. Enter it after the Password: prompt.
You are greeted by the HAICORE banner followed by a shell prompt.

The result should look like this:

If the Your OTP: prompt doesn't appear, but you immediately get the Password: prompt instead, this means that the system could not find your username. Please make sure that you are using the login username you have looked up as described in the first chapter. If you are sure the username is correct, please contact the support channels.

If the HoreKa banner appears, but you are presented with an error message and the connection is terminated immediately, please contact the support channels.

Network access limitations¶

Access to HAICORE is limited to IP addresses from a number of well-known German institutions and networks listed below.

You should be able to connect to HAICORE without restrictions if your device is located on one of these networks, e.g. if you are at your office on the campus of one of these institutions or connected to the campus WiFi. If you are outside the mentioned networks (e.g. in your home office), a VPN connection to your home institution has to be established first.

In general it is a good idea to just try if you can access HAICORE from your office or using your home institution's VPN connection. If it doesn't work immediately, try to force your client to use IPv4 (e.g. ssh -4) or IPv6 (e.g. ssh -6) manually.

If both protocols don't work, or if you are located outside of Germany and haven't been provided with a VPN connection to a German institution, the HPC-VPN service can be used.

List of currently allowed networks¶

KIT internal networks
All universities and universities of Applied Sciences in Baden-Wurttemberg
All Helmholtz member institutions
All NHR centres
Many academic and scientific institutions in Germany (Note: some only via IPv6)

HPC-VPN¶

The HPC-VPN is a service that provides network access to the cluster. In order to use it you have to register yourself via FeLS. The service should be available to everyone that has registered for HAICORE@KIT prior.

The VPN is a split network and only forwards addresses in the KIT network. More information regarding VPN can be found here. Within the KIT network only IPv6 is used. The necessary configuration files can be downloaded here:

kit-hpc.ovpn
kit-hpc-v6.ovpn (If your home network supports IPv6)

In case neither of the configurations work, you can try the TCP configuration

kit-hpc-tcp.ovpn

HPC-VPN

In order to use the service the OpenVPN version has to be higher than 2.5.

If Linux NetworkManager is used go to the NetworkManager → both IPv4 Settings and IPv6 Settings → Routes... and check "Use this connection only for resources on its network".

The login node is shared between all other users. Therefore activities allowed on the login node are limited to setting up and managing your batch jobs. Allowed activities comprise the following examples:

Viewing and editing files
Executing batch system commands like sbatch, salloc, squeue etc.
Compilation of your small- to medium size code bases
Short pre- and postprocessing runs on a small number of cores

Everything that blocks a small number of cores for more than a couple of minutes must be executed on other nodes using the batch system. This also affects long-running compilation processes or long-running pre- or postprocessing runs.

Any compute job found to be running on the login nodes will be terminated without further notice.

SSH Keys¶

In contrast to many other Linux-based systems, it is not possible to self-manage your SSH Keys by adding them to the ~/.ssh/authorized_keys file. Existing files will with this name are not evaluated on HoreKa.

SSH Keys have to be managed via FeLS instead. Please refer to the Using SSH Keys chapter for more information.

Last update: September 28, 2023