Logging into SeaWulf

Audience: Faculty, Postdocs, Researchers, Staff and Students

This KB Article References: High Performance Computing
This Information is Intended for: Faculty, Postdocs, Researchers, Staff, Students
Last Updated: July 14, 2020

Please read about the login node before using the system.

You will also need to setup DUO Authentication before using the system.

Logging In

Linux and MacOS

You may access the SeaWulf login nodes using the command-line from any modern workstation via secure shell (SSH). In Linux or MacOSX, simply open your favorite terminal program and ssh to the SeaWulf login node with X11 enabled by issuing the command:

ssh -X NetID@login.seawulf.stonybrook.edu

 

Windows

MobaXterm Home Edition may be freely downloaded and installed by SeaWulf users, as long as multiple individuals are not using the same installation.  MobaXterm comes with its own X server, so no additional utilities are required to enable X11 tunneling.  Login with MobaXterm by clicking the "New Session" button and provide the hostname (login.seawulf.stonybrook.edu) and your username:

 

DUO Authentication

When you attempt to access the login node by following the above methods, you will receive a notification on your DUO-enrolled device.  To finish logging in, please view the DUO notification and approve the log in attempt by selecting the green check mark.

If you have not already setup DUO, please refer to our FAQ page on enrolling in DUO first.

DUO_PASSCODE

You can make the DUO authentication process a tiny bit quicker if you use the DUO_PASSCODE environment variable. This will allow you to pre-select the type of DUO authentication you want to use instead of manually selecting it every time. So if you always want a DUO push to your phone, you can set DUO_PASSCODE to push, and you won't have to type '1' every time you log in. Also, this variable can sometimes fix issues with SCP/SFTP and other software used for file transfers. 

Here are the possible values for the DUO_PASSCODE variable:

push

Push a login request to your device.

phone

Authenticate via phone callback.

sms

Get a new batch of SMS passcodes. Your login attempt fails — log in again with one of your new passcodes.

A numeric passcode

Log in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.

You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.

You can set the DUO_PASSCODE variable by appending a line to your Seawulf ~/.bashrc like so:

echo 'export DUO_PASSCODE=push' >> ~/.bashrc

If this does not work, please check the caveat on our DUO and LD_LIBRARY_PATH page. You may need to change the order of commands in your .bashrc file.

Additionally, please do not set DUO_PASSCODE to sms in your .bashrc or you will be unable to log in to Seawulf unless you connect through the VPN (see "VPN Access" below). The sms method of authentication will send you sms codes, but you must then set the value of DUO_PASSCODE to equal one of your one time use codes which you can't do if it's set in your .bashrc on Seawulf. You can set it on the client side by modifying your MobaXTerm session configuration like so:

On Mac and Linux, you can modify your ~/.ssh/config file to include this setting:

Host *.seawulf.stonybrook.edu
  SendEnv DUO_PASSCODE

And then set DUO_PASSCODE from your terminal before you log in:

export DUO_PASSCODE=123456

VPN Access

Depending on your workflow and the software you use, you may find yourself frequently needing to authenticate with DUO. If this gets to be bothersome, consider connecting to Seawulf through Stony Brook's VPN. Information about requesting access and connecting to Stony Brook's VPN can be found here. You will need to authenticate once with DUO in order to get connected to the VPN, and then all connections made to Seawulf through the VPN will not require DUO.

You may notice that the GlobalProtect VPN software refuses to close when you're done using it. GlobalProtect is designed as an enterprise-level application, primarily for use by large corporations or research institutions. Keeping the application running at all times is one of the ways that GlobalProtect ensures that all information across the network is kept secure. However, this can feel invasive when constantly running on your personal computer, so here's how to quit the program:

MacOS

Open Terminal, and run this command to quit GlobalProtect:

launchctl unload /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*

Then run this one to reopen it:

launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*

You can add some aliases to your ~/.bashrc to make this even easier:

echo "alias loadgp='launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*'" >> ~/.bashrc

echo "alias unloadgp='launchctl unload /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*'" >> ~/.bashrc

Now, whenever you open a new terminal session, you can just type loadgp or unloadgp to open and close GlobalProtect.

Windows

GlobalProtect client will restart if you attempt to kill it via Task Manager. Instead, click on Windows and type Services. Open the Services desktop app, look for PanGPS, and stop the service. Start up the service again when you want to reconnect to the VPN.

Setting Up Passwordless Access

Additionally, passwordless access is easily enabled. See How do I set up passwordless SSH? for a short tutorial.

Accessing a particular login node

SeaWulf now has two login nodes available to all users.  If you would like to choose which login node you are placed on (e.g.,  in order to retrieve a saved screen session), you may specify the login node you want by choosing one of the following two hostnames:

login1.seawulf.stonybrook.edu
login2.seawulf.stonybrook.edu

If you do not specify a login node when connecting to SeaWulf, we will use a round-robin load balancing system to automatically place you on either login1 or login2. 

Please note that screen sessions may only be accessed from the login node on which they were started.  When detaching from a screen session, please make note of which login node you are on and specify this particular login node when you access it again in the future.

Learning About the Login Nodes

Whenever you log into SeaWulf, you will be interacting with the Login Node.  To understand what this is, see What is a login node?

 

Submit a ticket

Additional Information


There are no additional resources available for this article.

Getting Help


The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Ticket

For More Information Contact


IACS Support System