Logging into SeaWulf

The login guide offers essential instructions for accessing SeaWulf's login nodes and configuring DUO Authentication. Linux and macOS users can log in via SSH commands, while Windows users can utilize MobaXterm, featuring integrated X server support. It also provides insights into VPN access and tips for managing persistent VPN software such as GlobalProtect.

This KB Article References: High Performance Computing
This Information is Intended for: Instructors, Researchers, Staff, Students
Created: 10/21/2016 Last Updated: 06/19/2024

Before using the system, please familiarize yourself with the login node. Additionally, you must set up DUO Authentication to ensure secure access.

 

Logging In

Linux and macOS

You may access the SeaWulf  login nodes using the respective command-line from any modern workstation via secure shell (SSH) depending on if you'd like to use the standard or milan login nodes. On Linux, simply open your favorite terminal program and ssh to the SeaWulf login node with X11 enabled by issuing the command associated with your desired login node (NetID should be in all lowercase):

This command line is used to access the standard login node

ssh -X NetID@login.seawulf.stonybrook.edu

Whereas this command line is used to access the milan login node

ssh -X NetID@milan.seawulf.stonybrook.edu

On  macOS, the same command can be used to ssh to SeaWulf, however installation of  XQuartz is required in order for X11 to function.

For more information regarding choosing the right login node, please click here

 

Windows

MobaXterm Home Edition may be freely downloaded and installed by SeaWulf users, as long as multiple individuals are not using the same installation.  MobaXterm comes with its own X server, so no additional utilities are required to enable X11 tunneling.  Login with MobaXterm by clicking the “New Session” button and provide the hostname (login.seawulf.stonybrook.edu) and your username:

 

DUO Authentication

When you attempt to access the login node by following the above methods, you will receive a notification on your DUO-enrolled device.  To finish logging in, please view the DUO notification and approve the login attempt by selecting the green check mark.

If you have not already setup DUO, please refer to our FAQ page on enrolling in DUO first.

 

DUO_PASSCODE

You can make the DUO authentication process a tiny bit quicker if you use the DUO_PASSCODE environment variable. This allows you to pre-select the DUO authentication method (or “factor”) you want to use instead of manually selecting it every time. So if you always want a DUO push to your phone, you can set DUO_PASSCODE to push, and you won't have to type '1' every time you log in. Also, this variable can sometimes fix issues with SCP/SFTP and other software used for file transfers. 

Here are the possible values for the DUO_PASSCODE variable:

pushPush a login request to your device.
phoneAuthenticate via phone callback.
smsGet a new batch of SMS passcodes. Your login attempt fails — log in again with one of your new passcodes.
 A numeric passcodeLog in using a passcode, either generated with Duo Mobile, sent via SMS, generated by your hardware token, or provided by an administrator.

You can also add a number to the end of these factor names if you have more than one device registered. For example, push2 will send a login request to your second phone, phone3 will call your third phone, etc.

If you're logging in using MobaXTerm, you can set DUO_PASSCODE in your session configuration and also change SSH-browser type to NONE to avoid repeated  DUO prompts :

 

On Mac and Linux, you can modify your local ~/.ssh/config file to include this setting:

Host *.seawulf.stonybrook.edu
  SendEnv DUO_PASSCODE

And then set DUO_PASSCODE from your terminal before you log in:

export DUO_PASSCODE=123456
 

VPN Access

Depending on your workflow and the software you use, you may find yourself frequently needing to authenticate with DUO. If this gets to be bothersome, consider connecting to Seawulf through Stony Brook's VPN. Information about requesting access and connecting to Stony Brook's VPN can be found here. You will need to authenticate once with DUO in order to get connected to the VPN, and then all connections made to Seawulf through the VPN will not require DUO.

You may notice that the GlobalProtect VPN software refuses to close when you're done using it. GlobalProtect is designed as an enterprise-level application, primarily for use by large corporations or research institutions. Keeping the application running at all times is one of the ways that GlobalProtect ensures that all information across the network is kept secure. However, this can feel invasive when constantly running on your personal computer, so here's how to quit the program:

 
MacOS

Open Terminal, and run this command to quit GlobalProtect:

launchctl unload /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*

Then run this one to reopen it:

launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*

You can add some aliases to your ~/.bashrc to make this even easier:

echo "alias loadgp='launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*'" >> ~/.bashrc
echo "alias unloadgp='launchctl unload /Library/LaunchAgents/com.paloaltonetworks.gp.pangp*'" >> ~/.bashrc

Now, whenever you open a new terminal session, you can just type loadgp or unloadgp to open and close GlobalProtect.

 

Windows

GlobalProtect client will restart if you attempt to kill it via Task Manager. Instead, click on Windows and type Services. Open the Services desktop app, look for PanGPS, and stop the service. Start up the service again when you want to reconnect to the VPN.

 

Setting Up Passwordless Access

Additionally, passwordless access is easily enabled. See How do I set up passwordless SSH? for a short tutorial.

 

Accessing a particular login node

SeaWulf now has four login nodes available to all users.  If you would like to choose which login node you are placed on (e.g.,  in order to retrieve a saved screen session), you may specify the login node you want by choosing one of the following four hostnames:

login1.seawulf.stonybrook.edu
login2.seawulf.stonybrook.edu
milan1.seawulf.stonybrook.edu
milan2.seawulf.stonybrook.edu

If you do not specify a login node when connecting to SeaWulf, we will use a round-robin load balancing system to automatically place you on either login1 or login2. 

Please note that screen sessions may only be accessed from the login node on which they were started.  When detaching from a screen session, please make note of which login node you are on and specify this particular login node when you access it again in the future.

 

Learning About the Login Nodes

Whenever you log into SeaWulf, you will be interacting with the Login Node.  To understand what this is, see What is a login node?

For More Information Contact


IACS Support System

Still Need Help? The best way to report your issue or make a request is by submitting a ticket.

Request Access or Report an Issue