Necessary account information

Before trying to log in to any of the C3SE systems you need to be equipped with the following:

  • Your username, called Chalmers ID (CID)
  • Your password, called CDKS password, (CDKS == Chalmers Datorkontosystem)
  • An account on each C3SE system you are going to use (i.e. Hebbe or Vera). Everyone has to apply for an account, even if you already have a CID

If you lack any of this, please read the instructions on how to get access.

Required software

Our systems all run some type of Unix environment and the main interaction with the systems is performed using a command-line interface (CLI). If you do not have any previous experience of a Unix command-line interface here are two guides that will get you up to speed: Introduction to Linux and GNU/Linux Command-Line Tools Summary.

To connect to the cluster and the aforementioned command-line interface you need a terminal (emulator) and an implementation of the Secure Shell (SSH) protocol. For Windows users we recommend using the free program PuTTY that is a terminal emulator with SSH built in. Unix users (including Linux and Mac OS X) can use the terminal emulator and SSH that is shipped with the operating system.

Hostnames and network access

To connect to C3SE resources the Secure Shell (SSH) protocol is used. Every cluster has a so called "Login Node" that is accessible from the internal network on Chalmers University of Technology, and follow the hostname convention:

alvis1.c3se.chalmers.se
hebbe1.c3se.chalmers.se or hebbe2.c3se.chalmers.se
vera1.c3se.chalmers.se or vera2.c3se.chalmers.se
hebbe-mstud.c3se.chalmers.se # Only accessible for MStud users

If you are connected to the Chalmers local network you can login directly by running:

ssh CID@cluster.c3se.chalmers.se

where you have to replace CID with your CID username and cluster with the name of the cluster frontend you want to connect to, eg. hebbe1, hebbe2, hebbe-mstud, vera1, vera2, alvis1.


If you are not directly connected to the Chalmers local network:

  • If you use a Swedish university network, you can still directly connect to our systems

  • If you are on any other network (inside or outside Sweden), then you should use the Chalmers Virtual Private Network (VPN) service to first connect to the Chalmers local network. With an active VPN connection to Chalmers it is then possible to log in using SSH to the cluster "Login Node". If you are a student you will find instructions here: VPN for students. NOTE You may first want to check the legality of using VPN in your location

Note: For Hebbe we allow direct access (i.e. no VPN or ssh-jumping necessary) from universities connected to Sunet.

Graphical login

Instead of connecting through a terminal, you can also access to the cluster through Thinlinc which gives you a graphical connection.

Once you are connected to the login node, you get access to a computer cluster that packs at least 1000 times more computing power than your desktop computer. Let's figure out how to wield this power.

Setting up a hostname alias

Optionally, you can (on your local machine) set up alias by modifying the file

~/.ssh/config

and add an entry e.g:

Host hebbe2
    HostName hebbe2.c3se.chalmers.se
    User your_cid

Host vera1
    HostName vera1.c3se.chalmers.se
    User your_cid

Host alvis1
    HostName alvis1.c3se.chalmers.se
    User your_cid

# etc.

This will allow you to conveniently scp/ssh to the cluster doing

ssh hebbe2            # This would now be equal to: ssh your_cid@hebbe2.c3se.chalmers.se
scp my_file hebbe2:   # This would now be equal to: scp my_file your_cid@hebbe2.c3se.chalmers.se:

In addition, you can enable SSH's ControlMaster option that keeps a single persisten connection open for subsequent logins. This is required for those who need to automate (frequent) logins is very convenient for other users:

Host alvis1
    HostName alvis1.c3se.chalmers.se
    User your_cid
    ControlMaster auto
    ControlPersist yes
    ControlPath ~/.ssh/ssh_mux_%L_%h_%r

With PuTTY on windows, you can tick the option box Share SSH connections if possible

Setting up ssh key

From MAC and Linux you can generate an SSH-key, upload it, and use this to log into the system, e.g:

ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub hebbe2:.ssh/authorized_keys

This also works in Windows 10, if you have the OpenSSH client installed. If not in the list under Settings -> Apps -> Apps & features -> Optional features, it can be added from that page ("Add a feature", only install the client), but the path to copy the generated key will differ:

C:\Users\username>ssh-keygen -t rsa
C:\Users\username>scp .ssh\id_rsa.pub hebbe2:.ssh/authorized_keys

SSH is picky about the file permissions on both ends, else it will refuse to use the keys. You have to log into the cluster and modify using chmod:

chmod go-rwx .ssh/ .ssh/authorized_keys

The SSH-key can also be used by all applications connecting to the cluster, such as FileZilla or Thinlinc. You can set up your computer to unlock the key by putting it in a keychain.

Creating and Using SSH-keys in PuTTY / Thinlinc

  1. Install the latest version of PuTTY https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html.
  2. Open PuTTY Key Generator (PUTTYGEN.EXE)
  3. Click on the "Generate" button (or select "Generate key pair" from Key in the menu).
  4. Save the generated public and private keys (adding a passphrase will add some security if the computer (or key) is stolen, etc).
    • If you want to use the key with ThinLinc, select "Export OpenSSH key" from Conversions in the menu.
  5. Login to the server with your username / password by thinlinc or PuTTY.
  6. Copy the public key from the key generator, visible in the textbox ("Public key for pasting [...]"), and paste it into the ~/.ssh/authorized_keys file.
  7. Save and close the file.
  8. Adjust the permissions of the autorized_keys file and .ssh folder (see instructions above)
  9. Logout from the server.
  10. Open PuTTY (PUTTY.EXE) and enter the server name (under Host Name (or IP address)).
    • Username can be entered with the server address: username@server.c3se.chalmers.se.
  11. Go to Connection -> SSH -> Auth in the left-side menu, and select the newly created private key for authentication.

For ThinLinc, open settings and select the Security tab. Change Authentication method from Password to Public key, select OK. Now you should be able to choose the OpenSSH-key exported in step 4 (or generated directly with OpenSSH).

Use SSH tunnel to access services

Modern applications often provides web based graphical user interfaces and is meant to be accessed using a web browser. Due to security considerations many shared remote services on the Internet, in particular powerful HPC-systems, restrict access to only a few secure and trusted services, most commonly SSH (port 22). This becomes a problem for users wanting to access applications, such as Jupyter notebooks, that runs a web server behind a restrictive firewall or on compute nodes that are only on a local network. This brief guide aims to introduce SSH port forwarding which allows you to safely access many types of services running on a remote system using only the familiar SSH protocol and your normal CID credentials.

Linux, macOS and Windows 10 (with OpenSSH)

The command for creating a local tunnel is run on your own computer. The general form of the command is:

ssh -L <local_port>:localhost:<remote_port> CID@<server>.c3se.chalmers.se

For example, to forward local port 8890 on your own computer to a Jupyter notebook listening on default port 8888 on the login node for Alvis system (alvis1.c3se.chalmers.se) we enter:

ssh -L 8890:localhost:8888 CID@alvis1.c3se.chalmers.se
ssh -L 8890:localhost:8888 alvis1 # if you have set up a hostname alias shown above

We do not have to forward the exact same local port number each time. In the above example we could have chosen to forward -L 8080:localhost:8888 assuming it was free. You can also forward multiple ports on the same line by appending additional -L <local_port>:localhost<remote_port> options.

Windows (PuTTY)

There are many SSH clients available for Windows, if you have OpenSSL installed, and/or are running Windows Subsystem for Linux (WSL), you might want to try if the Linux and macOS instructions above works. You could also add a linux distro from Microsoft Store, use the instructions above for Linux. Below we provide an example port forwarding port 8890 to 8888 on Alvis using PuTTY.

  1. In the main Session view enter the name of the login node under "Host Name (or IP address)". In this example we connect to alvis1.c3se.chalmers.se. You can enter a name for the session under "Saved Session". Leave the rest as default.
    PuTTY Tunnels Section.
  2. Move to Connection, SSH, Tunnels and in the "Add new forwarded port" section we configure a tunnel from local ("Source port") port 8888 to "Destination" alvis1.c3se.chalmers.se:8888.
    PuTTY Tunnels Section.
  3. Move back to the main Sessions view and click "Save".
  4. Click Open in the bottom right corner to start the session.