CRC Access to Shared Computing Resources
This guide describes methods to access Shared Computing Resources from off-campus.
- Policies regarding Quotas, Data Transfers, and Out Bound Connections
- How to Transfer Files from Off-Campus
- More Information about SSH
Direct logins to our Shared Computing Resources from off-campus are prohibited. In order to log in to these systems from off-campus, there are currently three methods as described below.
If you are a Rice faculty member, staff member, or student who has SSH login access to another system on campus (one that allows off-campus access), you may log in to our Shared Computing Resources from off-campus through that system.
Your SSH login access might be for an office desktop system or a department server. If this is the case, then use SSH to log in to one of those systems first. Once you obtain a command line prompt on this host, use SSH to log in to the Shared Computing Resource.
In other words, if you have access, logging in to these systems is a two-step process:
- SSH login to anyhost.rice.edu, where anyhost.rice.edu is the hostname of the system you are logging in to.
(Note: Substitute the hostname of the campus system you are logging in to in place of anyhost.rice.edu.)
- From anyhost.rice.edu, SSH login to the Shared Compute Resource (such as nots.rice.edu, etc.)
If you don't have access to a campus resource that can connect to our Shared Computing Resources, you may use our SSH gateway with the following steps:
- SSH login to gw.crc.rice.edu.
- From gw.crc.rice.edu, SSH login to the Shared Compute Resource (such as nots.rice.edu, etc.)
Rice faculty, staff, students, and Visitors/Guests may log in to Shared Computing Resources from off-campus with SSH by connecting to the Rice network with VPN. VPN (Virtual Private Network) essentially makes the off-campus computer appear as if it were on the Rice network. To obtain a VPN account and software, please visit the Rice VPN website.
The two-step process to log in to these systems using SSH with VPN is as follows:
- Connect to the Rice network with VPN using the off-campus computer. Read about how to do that here.
- SSH login to the Shared Computing Resource (such as nots.rice.edu, etc.).
Note: If you are a Visitor/Guest, by default, you won't have access to Rice Box. You may be able to use the Microsoft, Apple, iOS, or Android stores to download the AnyConnect client and use that instead.
People who have accounts on the Shared Computing Systems will likely have SSH or VPN access to the Rice network. For all users with valid cluster logins, we automatically create an SSH Gateway account that provides the same capability as the "SSH Only" section above. Using this account means that logging in to these systems is a two-step process:
- SSH login to gw.crc.rice.edu from off-campus.
- SSH login to the Shared Computing Resource (such as nots.rice.edu, etc.) from gw.crc.rice.edu
Read below for the latest information on the SSH Gateway access policy.
Once you are logged in to the SSH gateway, you will not be able to use SSH to log in to any system other than a shared computing resource. SSH access is restricted to inbound connections to the gateway. Outbound connections from the SSH Gateway to systems other than the shared computing resources are not allowed. You cannot log in to an off-campus system from the gateway, for example.
To log in to the SSH Gateway, use SSH to log in to the host gw.crc.rice.edu. Once there, you can use SSH to log in to any of the shared computing resources. Logging in to a shared computing resource is a two-step process:
1. SSH login to gw.crc.rice.edu from off-campus using your netID credentials and DUO.
- We recommend using appropriately secured SSH keys to eliminate password entry as part of this workflow, meaning a modern SSH key that is password protected.
2. SSH login to the shared computing resources (such as nots.rice.edu) from gw.crc.rice.edu.
All accounts on the gateway have a quota of 250MB enforced on home directories. We no longer recommend staging data on the gateway; transfer data through the gateway instead.
Additionally, to transfer files from a Linux or Unix machine to the Shared Computing Resources, you can use the SCP command. If you are using a VPN connection, then SCP will work exactly as described in our SSH FAQ as if you were on campus.
If you are not using VPN and are going through an intermediate Rice host or the SSH Gateway as described earlier, then file transfers to these systems use the SSH ProxyJump option, as seen below:
scp -o 'ProxyJump netID@gw.crc.rice.edu' FILENAME netID@anyhost.rice.edu:/DESTINATION/
Note about SCP and gw: If you are using the SSH Gateway for the file transfer process, your home directory on the SSH Gateway has a 250MB quota. We no longer recommend staging your data on the SSH Gateway and then copying it to the destination cluster; use ProxyJump as shown above so the data passes through the gateway instead. We recommend appropriately secured SSH keys to eliminate password entry as part of this workflow.
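The two-step gateway login and the ProxyJump transfer described above can be captured once in the OpenSSH client configuration on the off-campus workstation. This is an added example, not part of the original CRC guide; the aliases crc-gw and nots, the key file name id_ed25519_crc, and netID are placeholders, and it assumes the matching public key has been added to your account on both hosts.

```sshconfig
# ~/.ssh/config on the off-campus workstation (added example).
# Assumed names: aliases "crc-gw" and "nots", key file id_ed25519_crc.
# Replace netID with your own NetID.
#
# Create the key once and give it a passphrase when prompted:
#   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_crc

# Gateway: the only host contacted directly from off-campus.
Host crc-gw
    HostName gw.crc.rice.edu
    User netID
    IdentityFile ~/.ssh/id_ed25519_crc
    # Offer only the key named above, not every key the agent holds.
    IdentitiesOnly yes
    # ProxyJump does not need agent forwarding; keep the agent off the gateway.
    ForwardAgent no

# Cluster: reached through the gateway. The session to nots.rice.edu is
# authenticated from the workstation, so the private key is never copied
# to the gateway and no data is staged in the 250MB gateway home directory.
Host nots
    HostName nots.rice.edu
    User netID
    ProxyJump crc-gw
    IdentityFile ~/.ssh/id_ed25519_crc
    IdentitiesOnly yes
    ForwardAgent no

# With this in place the two-step login and the scp above become:
#   ssh nots
#   scp FILENAME nots:/DESTINATION/
```

Keep the file and the private key readable only by your user (chmod 600), and load the key into ssh-agent so the passphrase is entered once per session.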
There is an alternative method for transferring data through the gateway. The advanced method for file transfers will include the use of an ssh tunnel, an encrypted communication channel that will allow network protocols (in this case ssh/SCP) to travel seamlessly between two endpoints over a secure channel. To set up and use an ssh tunnel, follow these steps:
Step 2: Copy data through the tunnel
Leave the above terminal window open with the ssh tunnel established. Open a new terminal on your workstation and execute these commands:
scp -o NoHostAuthenticationForLocalhost=yes \
-P 2222 filename(s) username@localhost:/shared.scratch/username
For general instructions on how to use SSH, please see our CRC SSH FAQ.