Necessary account information¶
Before trying to log in to any of the C3SE systems you need to be equipped with the following:
- Your username, called Chalmers ID (CID) with associated password We give this to all users who lack it when they apply
- An account on each C3SE system you are going to use (i.e. Vera or Alvis). Everyone has to apply for an account, even if you already have a CID
If you lack any of this, please read the instructions on how to get access.
Our systems all run some type of Unix environment and the main interaction with the systems is performed using a command-line interface (CLI). If you do not have any previous experience of a Unix command-line interface here are two guides that will get you up to speed: Introduction to Linux and GNU/Linux Command-Line Tools Summary.
To connect to the cluster and the aforementioned command-line interface you need a terminal (emulator) and an implementation of the Secure Shell (SSH) protocol. For Windows users with Windows 10 or later we recommend OpenSSH that ships with operating system. For older Windows versions we recommend the free program PuTTY that is a terminal emulator with SSH built in. Unix users (including Linux and Mac OS X) can use the terminal emulator and SSH that is shipped with the operating system.
Hostnames and network access¶
The conventional way to connect to clusters is using the2 Secure Shell (SSH) protocol. Every cluster have a one or more so called "login nodes" that is accessible from the internal network on Chalmers University of Technology, and follow the hostname convention:
alvis1.c3se.chalmers.se or alvis2.c3se.chalmers.se vera1.c3se.chalmers.se or vera2.c3se.chalmers.se
If you are connected to the Chalmers local network you can login directly by running:
where you have to replace
CID with your CID username and
cluster with the name of the cluster frontend you
want to connect to, eg.
We don't allow all networks to directly connect.
- Vera is accessible via Chalmers and GU local network
- Alvis is accessible via SUNET networks (i.e. most Swedish university networks)
If you are on any other network (inside or outside Sweden) then you should use VPN to access. For Alvis, you can use your own Swedish university VPN if it is actually configured to send traffic via the VPN. You can test your VPN by checking that your public IP address matches your university.
We also give access to Chalmers VPN to all users via your CID:
- Chalmers VPN instructions for Linux (requires login)
- Chalmers VPN instructions for Windows (requires login)
- Chalmers VPN instructions for Mac (requires login)
NOTE You may first want to check the legality of using VPN in your location
Instead of connecting through a terminal, you can also access to the cluster through Thinlinc which gives you a graphical connection.
Once you are connected to the login node, you get access to a computer cluster that packs at least 1000 times more computing power than your desktop computer. Let's figure out how to wield this power.
Setting up a hostname alias¶
Optionally, you can (on your local machine) set up alias by modifying the file
and add an entry e.g:
Host vera1 HostName vera1.c3se.chalmers.se User your_cid Host alvis1 HostName alvis1.c3se.chalmers.se User your_cid # etc.
This will allow you to conveniently scp/ssh to the cluster doing
ssh vera1 # This would now be equal to: ssh firstname.lastname@example.org scp my_file vera2: # This would now be equal to: scp my_file email@example.com:
In addition, you can enable SSH's
ControlMaster option that keeps a single persisten connection open for subsequent logins.
This is required for those who need to automate (frequent) logins is very convenient for other users:
Host alvis1 HostName alvis1.c3se.chalmers.se User your_cid ControlMaster auto ControlPersist yes ControlPath ~/.ssh/ssh_mux_%L_%h_%r
With PuTTY on windows, you can tick the option box Share SSH connections if possible
Setting up ssh key¶
From MAC and Linux you can generate an SSH-key, upload it, and use this to log into the system, e.g:
ssh-keygen -t rsa scp ~/.ssh/id_rsa.pub vera1:.ssh/authorized_keys
This also works in Windows 10, if you have the OpenSSH client installed. If not in the list under
Settings -> Apps -> Apps & features -> Optional features, it
can be added from that page ("Add a feature", only install the client), but the path to copy the generated key will differ:
C:\Users\username>ssh-keygen -t rsa C:\Users\username>scp .ssh\id_rsa.pub vera1:.ssh/authorized_keys
SSH is picky about the file permissions on both ends, else it will refuse to use the keys. You have to log into the cluster and modify using chmod:
chmod go-rwx .ssh/ .ssh/authorized_keys
The SSH-key can also be used by all applications connecting to the cluster, such as Cyberduck or Thinlinc. You can set up your computer to unlock the key by putting it in a keychain.
Creating and Using SSH-keys in PuTTY / Thinlinc¶
- Install the latest version of PuTTY https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html.
- Open PuTTY Key Generator (PUTTYGEN.EXE)
- Click on the "Generate" button (or select "Generate key pair" from Key in the menu).
- Save the generated public and private keys (adding a passphrase will add some security if the computer (or key) is stolen, etc).
- If you want to use the key with ThinLinc, select "Export OpenSSH key" from Conversions in the menu.
- Login to the server with your username / password by thinlinc or PuTTY.
- Copy the public key from the key generator, visible in the textbox ("Public key for pasting [...]"), and paste it into the ~/.ssh/authorized_keys file.
- Save and close the file.
- Adjust the permissions of the autorized_keys file and .ssh folder (see instructions above)
- Logout from the server.
- Open PuTTY (PUTTY.EXE) and enter the server name (under Host Name (or IP address)).
- Username can be entered with the server address:
- Username can be entered with the server address:
- Go to Connection -> SSH -> Auth in the left-side menu, and select the newly created private key for authentication.
For ThinLinc, open settings and select the Security tab. Change Authentication method from Password to Public key, select OK. Now you should be able to choose the OpenSSH-key exported in step 4 (or generated directly with OpenSSH).
Use SSH tunnel to access services¶
Modern applications often provides web based graphical user interfaces and is meant to be accessed using a web browser. Due to security considerations many shared remote services on the Internet, in particular powerful HPC-systems, restrict access to only a few secure and trusted services, most commonly SSH (port 22). This becomes a problem for users wanting to access applications, such as Jupyter notebooks, that runs a web server behind a restrictive firewall or on compute nodes that are only on a local network. This brief guide aims to introduce SSH port forwarding which allows you to safely access many types of services running on a remote system using only the familiar SSH protocol and your normal CID credentials.
Linux, macOS and Windows 10 (with OpenSSH)¶
The command for creating a local tunnel is run on your own computer. The general form of the command is:
ssh -L <local_port>:localhost:<remote_port> CID@<server>.c3se.chalmers.se
For example, to forward local port
8890 on your own computer to a Jupyter notebook listening on default port
8888 on the login node for Alvis system (
alvis1.c3se.chalmers.se) we enter:
ssh -L 8890:localhost:8888 CID@alvis1.c3se.chalmers.se ssh -L 8890:localhost:8888 alvis1 # if you have set up a hostname alias shown above
We do not have to forward the exact same local port number each time.
In the above example we could have chosen to forward
-L 8080:localhost:8888 assuming it was free.
You can also forward multiple ports on the same line by appending additional
-L <local_port>:localhost<remote_port> options.
There are many SSH clients available for Windows, if you have OpenSSL installed, and/or are running Windows Subsystem for Linux (WSL), you might want to try if the Linux and macOS instructions above works. You could also add a linux distro from Microsoft Store, use the instructions above for Linux.
Below we provide an example port forwarding port
8888 on Alvis using PuTTY.
- In the main Session view enter the name of the login node under "Host Name (or IP address)". In this example we connect to
alvis1.c3se.chalmers.se. You can enter a name for the session under "Saved Session". Leave the rest as default.
- Move to Connection, SSH, Tunnels and in the "Add new forwarded port" section we configure a tunnel from local ("Source port") port
- Move back to the main Sessions view and click "Save".
- Click Open in the bottom right corner to start the session.