Reporting problems with Login
To report access problems, please send us the output of the following commands on your local system:
$ ssh -vvv firstname.lastname@example.org
include the verbose information when submitting an incident ticket to the Servicedeck for SuperMUC-NG.
Please check also that your IP was entered into the SuperMUC-NG Firewall here.
- Research groups with a Principal Investigator from German Universities or German Research Institutions can apply via GCS-JARDS, European research groups can apply via PRACE. For details, see Application for a project on SuperMUC-NG. (Note: The Principal Investigator (PI) must have a proven scientific record (preferably a PhD or comparable degree) and must be able to successfully accomplish the proposed tasks.)
- The Principal Investigator (PI, first master user) or the Person of Contact (PC, second master user) can make a request for a new user (researcher) in his project via the service request template 'New SuperMUC-NG User (Only for Master Users, PI)'.
Login to SuperMUC-NG
SuperMUC uses a firewall which isolates the system from the internet and only whitelisted IPs are allowed to access the system. You therefore have to provide us the local IP Adress of your Desktop/Laptop in order to obtain access.
You need a public static IP, dynamic IPs are not allowed!
To find out your local IP you can use the command (IPs starting with 192.xxx or 10.xxx are non-routing IPs and cannot be used, e.g. DSL access does not work, also no WLAN Router provided IPs)
$ hostname -I
When in doubt, please ask your local network administrator for a static public IP.
The PI or the PC (master users) can then add/remove IP addresses using the service request templates for:
- Enable IP Address(es) for SuperMUC-NG (Only for Master Users, PI)
- Disable IP Address(es) for SuperMUC-NG (Only for Master Users, PI)
Before you can login to SuperMUC you have to set a password and accept the usage regulations at the LRZ Identity Management Portal using your account and the start password that we have delivered to your project manager.
The SuperMUC-NG firewall permits only incoming SSH-connections i.e., ssh or scp from SuperMUC-NG to the outside world is disabled. SuperMUC-NG uses login nodes for interactive access and for the submission of batch jobs. The login nodes have an identical environment, but multiple sessions of one user may reside on different nodes which must be taken into account e.g., when killing processes.
Login with Secure Shell
Access via SSH (Secure Shell) is described in detail in the LRZ Document about SSH. In particular, the setup required to use private/public keys for access is described there. From the UNIX command line of the user's workstation the login to an LRZ account xxyyyzz is performed via:
|System part||Login||Architecture||Number of nodes |
behind the round-robin address
|Login node for |
SuperMUC-NG Phase 1
ssh -Y skx.supermuc.lrz.de -l xxyyyzz
(ssh -Y skx6.supermuc.lrz.de -l xxyyyzz #for IPv6)
Login nodes with connection to the SuperMUC tape archive
ssh -Y skx-arch.supermuc.lrz.de -l xxyyyzz
- The project manager (master user) can add/remove IP addresses using the service requests templates (add/remove).
- You do not have to use SSH Keys and we strongly discourage the use even it is allowed. Please contact the service desk when you want to automate workflows that need authentication.
- In case you want to use an SSH Key, a non-empty passphrase is mandatory!
- We consider an empty passphrase of your SSH as a violation of our security policies. Users disregarding this policy will be barred from further usage of LRZ systems.
- The -Y option is required for tunneling of the X11 (windowing) protocol, it may be omitted if no X11 clients are required.
- It is recommended to add the List of ssh key fingerprints for SuperMUC-NG to ~/.ssh/known_hosts on your own local machine before logging in for the first time.
Changing password or login shell
The Linux commands
chsh do not work on SuperMUC-NG. New accounts can only login to LRZ Systems after changing the initial password (issued by the project manager).
To change passwords or the login shell, use the LRZ Identity Management Portal:
- Log in to the web interface using your account and password.
- Toggle between English and German: use the little flags.
- To view the password expiration date, select "Person -> view" or "Account -> view authorizations".
- To change your password, select "Self Services/modify password".
- To change your login shell select "Self Services/change login shell". For the platform "SuperMUC" select the new login shell from the drop-down menu. If your preferred shell is not listed here, it is not available on SuperMUC-NG.
Passwords have to be changed after 12 months, you will be notified via email. If you forgot to set a new password, your access to LRZ systems will be restored after you set a new password through the LRZ Identity Management Portal.
Bash as login shell
Although other login shells are possible and might work, we strongly recommend to use bash as login shell, It is nearly impossible for us to test all combinations of software and the module system with different shells.
Reset (forgotten) password
- Toggle between English and German: use the little flags.
User-centered usage model
LRZ introduced a new usage model with SuperMUC-NG:
- user-centered: each user has only one user account on the system.
- Projects as groups: All assigned project resources can be accessed via one account. Particular attention was paid to data handling: The new model enables a user to seamlessly access his or her data in different projects for which he/she is validated.
The following commands show the time and storage budget for the current user:
$ module load lrztools
In a SLURM job the user must use the flag
in order to book the used computing time to a project account.
- Easier data sharing: Users can share data world wide using the LRZ Data Science Storage (DSS). To share data in WORK with project members, see FAQ: Sharing files with other users.
The naming convention of the HOME, WORK and SCRATCH directories on SuperMUC-NG changed have changed compared to previous systems, see File Systems of SuperMUC-NG.
See the following example account on SuperMUC-NG
di12faq5, who is member in three projects. It has only one $HOME and one $SCRATCH directory associated, but three different WORK directories for each of the projects:
WORK directories ($
For controlling other settings and gaining access to the software stack the Modules of the HPC Systems are used. You are strongly urged to read that document, because some additional configuration on your side may be needed and/or required to reliably perform environment setup within batch jobs.
Moving data from/to SuperMUC-NG
We provide several options to move data from/to SuperMUC-NG. All of them have in common that the IP-Address of the remote machine must be first enabled in the SuperMUC-NG firewall.
Access to Subversion (SVN) and Git servers
The SuperMUC firewall permits only incoming SSH-connections. You can use port forwarding to establish a connection between the subversion server and SuperMUC-NG,