Before you can log into an interactive session on HAICORE, you have to look up your login username. You can do so on FeLS by clicking on the
Registry info link in the HAICORE service box:
The username can be found on the line
Username for login:. In this example image, the username would be
OpenSSH: Supports interactive logins and remote file transfers on a wide variety of operating systems, including Linux, Windows and macOS.
MobaXterm: supports interactive logins, remote file transfers and X11 forwarding on Windows.
FileZilla: supports remote file transfer on Windows/Linux/macOS.
SSH login process¶
After finishing the registration process, HAICORE is ready for your SSH based login.
Network access limitations
Please note that you have to be connected to an allowed network to access HAICORE. See the network access limitations section for more details.
A connection to HAICORE can be established using the following
ssh command line (replace
username with your actual username):
$ ssh firstname.lastname@example.org
When you log in, you may receive the message
The authenticity of host '<host address>' can't be established. along with the host key fingerprint. This is intended so you can verify the authenticity of the host you are connecting to. Before you continue you should verify, if this fingerprint matches one of the following:
If you are using OpenSSH (usually installed on Linux based systems) and want to use a GUI-based application on HAICORE, an X11 forwarding can be established by adding the
-X parameter to the
$ ssh -X email@example.com
The login node of HAICORE are the access point to the compute system and to your $HOME directory. HAICORE has one dedicated login node, for all incoming connections.
Example login process¶
After the connection has been initiated, a successful login process will go through the following three steps:
The system asks for a One-Time Password. Generate one using the Software or Hardware Token registered on FeLS (see 2-Factor Authentification) and enter it after the
The systems asks for your service password. Enter it after the
You are greeted by the HAICORE banner followed by a shell prompt.
The result should look like this:
Your OTP: prompt doesn't appear, but you immediately get the
Password: prompt instead, this means that the system could not find your username. Please make sure that you are using the login username you have looked up as described in the first chapter. If you are sure the username is correct, please contact the support channels.
If the HoreKa banner appears, but you are presented with an error message and the connection is terminated immediately, please contact the support channels.
Network access limitations¶
Access to HAICORE is limited to IP addresses from a number of well-known German institutions and networks listed below.
You should be able to connect to HAICORE without restrictions if your device is located on one of these networks, e.g. if you are at your office on the campus of one of these institutions or connected to the campus WiFi. If you are outside the mentioned networks (e.g. in your home office), a VPN connection to your home institution has to be established first.
In general it is a good idea to just try if you can access HAICORE from your office or using your home institution's VPN connection. If it doesn't work immediately, try to force your client to use IPv4 (e.g.
ssh -4) or IPv6 (e.g.
ssh -6) manually.
If both protocols don't work, or if you are located outside of Germany and haven't been provided with a VPN connection to a German institution, the HPC-VPN service can be used.
List of currently allowed networks¶
- KIT internal networks
- All universities and universities of Applied Sciences in Baden-Wurttemberg
- All Helmholtz member institutions
- All NHR centres
- Many academic and scientific institutions in Germany (Note: some only via IPv6)
The HPC-VPN is a service that provides network access to the cluster. In order to use it you have to register yourself via FeLS. The service should be available to everyone that has registered for HAICORE@KIT prior.
The VPN is a split network and only forwards adresses in the KIT network. More information regarding VPN can be found here. Within the KIT network only IPv6 is used. The necessary configuration files can be downloaded here:
In case neither of the configurations work, you can try the TCP configuration
In order to use the service the OpenVPN version has to be higher than 2.5.
If Linux NetworkManager is used go to the NetworkManager → both IPv4 Settings and IPv6 Settings → Routes... and check "Use this connection only for resources on its network".
Allowed activities on login nodes¶
The login node is shared between all other users. Therefore activities allowed on the login node are limited to setting up and managing your batch jobs. Allowed activities comprise the following examples:
Viewing and editing files
Executing batch system commands like
Compilation of your small- to medium size code bases
Short pre- and postprocessing runs on a small number of cores
Everything that blocks a small number of cores for more than a couple of minutes must be executed on other nodes using the batch system. This also affects long-running compilation procresses or long-running pre- or postprocessing runs.
Any compute job found to be running on the login nodes will be terminated without further notice.
In contrast to many other Linux-based systems, it is not possible to self-manage your SSH Keys by adding them to the
~/.ssh/authorized_keys file. Existing files will with this name are not evaluated on HoreKa.
SSH Keys have to be managed via FeLS instead. Please refer to the Using SSH Keys chapter for more information.