Access and Login to SuperMUC-NG


Reporting problems with Login

To report access problems, please send us the output of the following commands on your local system:

$ ssh -vvv userid@skx.supermuc.lrz.de
$ hostname -I

Include the verbose output when submitting an incident ticket to the Servicedesk for SuperMUC-NG.

Please also check that your IP was entered into the SuperMUC-NG Firewall here.

Getting Access

  • Research groups with a Principal Investigator from German Universities or German Research Institutions can apply via GCS-JARDS; European research groups can apply via PRACE. For details, see Application for a project on SuperMUC-NG. (Note: The Principal Investigator (PI) must have a proven scientific record (preferably a PhD or comparable degree) and must be able to successfully accomplish the proposed tasks.)
  • The Principal Investigator (PI, first master user) or the Person of Contact (PC, second master user) can make a request for a new user (researcher) in his project via the service request template 'New SuperMUC-NG User (Only for Master Users, PI)'.

Login to SuperMUC-NG

SuperMUC uses a firewall which isolates the system from the internet; only whitelisted IPs are allowed to access the system. You therefore have to provide us with the local IP address of your desktop/laptop in order to obtain access.

You need a public static IP; dynamic IPs are not allowed!

To find out your local IP, you can use the command below. IPs starting with 192.xxx or 10.xxx are non-routing IPs and cannot be used; for example, DSL access does not work, and neither do IPs assigned by a WLAN router.

$ hostname -I 

When in doubt, please ask your local network administrator for a static public IP.
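
As an added example (not part of the LRZ documentation), the following Python sketch classifies the addresses printed by `hostname -I` and keeps only those that are globally routable. It goes beyond the two prefixes named above and also rejects other non-routable ranges (172.16/12, carrier-grade NAT, link-local); the sample addresses are constructed, and whether an address is static cannot be determined locally.

```python
import ipaddress

def classify_addresses(hostname_i_output):
    """Map each address printed by `hostname -I` to (usable, reason)."""
    verdicts = {}
    for token in hostname_i_output.split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            verdicts[token] = (False, "not an IP address")
            continue
        if ip.is_loopback:
            verdicts[token] = (False, "loopback")
        elif ip.is_link_local:
            verdicts[token] = (False, "link-local, never routed")
        elif ip.is_private:
            verdicts[token] = (False, "private range (NAT, VPN, container bridge)")
        elif not ip.is_global:
            verdicts[token] = (False, "not globally routable (e.g. carrier-grade NAT)")
        else:
            verdicts[token] = (True, "globally routable; must also be static")
    return verdicts

def firewall_candidates(hostname_i_output):
    """Addresses that could be submitted for the firewall whitelist."""
    verdicts = classify_addresses(hostname_i_output)
    return [addr for addr, (usable, _) in verdicts.items() if usable]

# Constructed sample output of `hostname -I`; 8.8.8.8 only stands in for
# a routable address and is not an address related to LRZ.
SAMPLE = "192.168.1.23 10.8.0.2 172.17.0.1 100.64.3.9 8.8.8.8 fe80::1c2d:3eff:fe4f:5a6b"

if __name__ == "__main__":
    for addr, (usable, reason) in classify_addresses(SAMPLE).items():
        print(f"{addr:28} {'OK ' if usable else 'NO '} {reason}")
    if not firewall_candidates(SAMPLE):
        print("No routable address on this host: you are behind NAT.")
```

If the list of candidates is empty, the machine sits behind NAT and the address seen by the firewall is that of the gateway, which is what your network administrator has to supply.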

The PI or the PC (master users) can then add/remove IP addresses using the service request templates for:

Before you can log in to SuperMUC, you have to set a password and accept the usage regulations at the LRZ Identity Management Portal using your account and the start password that we have delivered to your project manager.

The SuperMUC-NG firewall permits only incoming SSH connections, i.e., ssh or scp from SuperMUC-NG to the outside world is disabled. SuperMUC-NG uses login nodes for interactive access and for the submission of batch jobs. The login nodes have an identical environment, but multiple sessions of one user may reside on different nodes, which must be taken into account, e.g., when killing processes.

Login with Secure Shell

Access via SSH (Secure Shell) is described in detail in the LRZ Document about SSH. In particular, the setup required to use private/public keys for access is described there. From the UNIX command line of the user's workstation the login to an LRZ account xxyyyzz is performed via:

| System part | Login | Architecture | Number of nodes behind the round-robin address |
|---|---|---|---|
| Login node for SuperMUC-NG Phase 1 | ssh -Y skx.supermuc.lrz.de -l xxyyyzz (for IPv6: ssh -Y skx6.supermuc.lrz.de -l xxyyyzz) | Intel Skylake | 3 |
| Login nodes with connection to the SuperMUC tape archive | ssh -Y skx-arch.supermuc.lrz.de -l xxyyyzz | Intel Skylake | 1 |

Note:

  • The project manager (master user) can add/remove IP addresses using the service request templates (add/remove).
  • You do not have to use SSH keys, and we strongly discourage their use even though it is allowed. Please contact the service desk when you want to automate workflows that need authentication.
  • In case you want to use an SSH key, a non-empty passphrase is mandatory!
  • We consider an empty passphrase on your SSH key a violation of our security policies. Users disregarding this policy will be barred from further usage of LRZ systems.
  • The -Y option is required for tunneling of the X11 (windowing) protocol; it may be omitted if no X11 clients are required.
  • It is recommended to add the List of ssh key fingerprints for SuperMUC-NG to ~/.ssh/known_hosts on your own local machine before logging in for the first time.
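
To check your own keys against the passphrase rule above, the private key file can be inspected without knowing the passphrase, because each key format records whether it is encrypted. The following Python sketch is an added example, not an LRZ tool; the function names are hypothetical and the sample keys are constructed header-only stubs that contain no key material.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def has_passphrase(key_text):
    """True if the private key is encrypted, False if not, None if not a private key."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":                # PKCS#8, plaintext
        return False
    if label == "OPENSSH PRIVATE KEY":        # current ssh-keygen default format
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        start = len(MAGIC) + 4
        (length,) = struct.unpack(">I", blob[len(MAGIC):start])
        return blob[start:start + length] != b"none"   # cipher name field
    # Legacy PEM (RSA/EC/DSA): encryption is announced in a Proc-Type header
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])

def sample_openssh_key(cipher):
    """Constructed header-only blob (no key material) in PEM armor."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-format stub: headers only, body elided
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "-----END RSA PRIVATE KEY-----\n")

def unprotected_keys(files):
    """files: mapping path -> file text; returns paths of keys without a passphrase."""
    return sorted(p for p, text in files.items() if has_passphrase(text) is False)

if __name__ == "__main__":
    ssh_dir = Path.home() / ".ssh"
    texts = {str(p): p.read_text(errors="replace") for p in ssh_dir.iterdir() if p.is_file()}
    print("Keys without passphrase:", unprotected_keys(texts))
```

A key reported here can be given a passphrase with `ssh-keygen -p -f <keyfile>`.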

Two-Factor Authentication

Please refer to Two-Factor Authentication on SuperMUC-NG

Changing password or login shell

The Linux commands passwd and chsh do not work on SuperMUC-NG. New accounts can only log in to LRZ systems after changing the initial password (issued by the project manager).

To change passwords or the login shell, use the LRZ Identity Management Portal:

  • Log in to the web interface using your account and password.
  • Toggle between English and German: use the little flags.
  • To view the password expiration date, select "Person -> view" or  "Account -> view authorizations".
  • To change your password, select  "Self Services/modify password".
  • Your new password must adhere to the password regulations.
  • To change your login shell select "Self Services/change login shell". For the platform "SuperMUC" select the new login shell from the drop-down menu. If your preferred shell is not listed here, it is not available on SuperMUC-NG. 

Passwords have to be changed after 12 months; you will be notified via email. If you forgot to set a new password, your access to LRZ systems will be restored after you set a new password through the LRZ Identity Management Portal.


Bash as login shell

Although other login shells are possible and might work, we strongly recommend using bash as the login shell. It is nearly impossible for us to test all combinations of software and the module system with different shells.

Reset (forgotten) password

User-centered usage model

LRZ introduced a new usage model with SuperMUC-NG:

  • user-centered: each user has only one user account on the system.
  • Projects as groups: All assigned project resources can be accessed via one account. Particular attention was paid to data handling: The new model enables a user to seamlessly access his or her data in different projects for which he/she is validated.

    The following commands show the time and storage budget for the current user:

    $ module load lrztools
    $ budget_and_quota

    In a SLURM job the user must use the flag

    #SBATCH --account=<project-id>

    in order to book the used computing time to a project account.

  • Easier data sharing: Users can share data world wide using the LRZ Data Science Storage (DSS). To share data in WORK with project members, see FAQ: Sharing files with other users.

The naming convention of the HOME, WORK and SCRATCH directories on SuperMUC-NG has changed compared to previous systems, see File Systems of SuperMUC-NG.

See the following example account on SuperMUC-NG, di12faq5, which is a member of three projects. It has only one $HOME and one $SCRATCH directory associated, but three different WORK directories, one for each of the projects:

| User Account | Project IDs | $HOME and $SCRATCH | WORK directories ($WORK_LIST) | Environment variables |
|---|---|---|---|---|
| di12faq5 | pr12xf | /dss/dsshome1/<hash>/di12faq5; /hppfs/scratch/<hash>/di12faq5 | /hppfs/work/pr12xf/di12faq5 | $WORK_pr12xf |
| | pr23ys | | /hppfs/work/pr23ys/di12faq5 | $WORK_pr23ys |
| | pr12ab | | /hppfs/work/pr12ab/di12faq5 | $WORK_pr12ab |

Programming Environment

For controlling other settings and gaining access to the software stack the Modules of the HPC Systems are used. You are strongly urged to read that document, because some additional configuration on your side may be needed and/or required to reliably perform environment setup within batch jobs.

Moving data from/to SuperMUC-NG

We provide several options to move data from/to SuperMUC-NG. All of them have in common that the IP address of the remote machine must first be enabled in the SuperMUC-NG firewall.

Details on the different data transfer options can be found here.

Access to Subversion (SVN) and Git servers

The SuperMUC firewall permits only incoming SSH-connections. You can use port forwarding to establish a connection between the subversion server and SuperMUC-NG,