Skip to content

Logging into the DCC

As a shared computing resource, all work done on the DCC must be done by submitting jobs to the scheduler. Login nodes must not be used to execute computing tasks.

Acceptable use of login nodes include:

  • lightweight file transfers,
  • script and configuration file editing,
  • job submission and monitoring,
  • BaseSpace BaseMount - users can use basemount to mount BaseSpace into their home directories.

To minimize disruption and ensure a comfortable working environment for users, resource limits are enforced on login nodes, and processes started there will automatically be terminated if their resource usage (including CPU time, memory and run time) exceed those limits.

Web Access

Users who are not comfortable using the command line can access the DCC through Open OnDemand, which provides a access to interactive sessions on the DCC through your browser. The Open OnDemand service. provides acesss to the DCC through RStudio, Jupyter, or Linux desktop sessions.

SSH Access

Login to the DCC using ssh netid@dcc-login.oit.duke.edu, (note: VPN is not required, but MFA is required).

kk338@CDSS-5630 ~ % ssh kk338@dcc-login.oit.duke.edu
Password: 
Duo two-factor login for kk338

Enter a passcode or select one of the following options:

1. Duo Push to XXX-XXX-4007
2. Phone call to XXX-XXX-4007
3. Phone call to XXX-XXX-9784
4. SMS passcodes to XXX-XXX-4007 (next code starts with: 2)

Passcode or option (1-4): 1
Success. Logging you in...
Last login: Tue Dec 21 11:07:41 2021 from xxx
################################################################################
# MOTD                                                                         # 
# My patch window is wednesday 03:00                                           # ################################################################################
kk338@dcc-login-03  ~ $

A word on ssh clients

Linux and macOS systems generally come with a SSH client already installed and you can ssh directly from a terminal window. For Windows users you will need an ssh client such as PuTTY or MobaXterm. Advanced users may consider installing WSL2 (Windows Subsystem for Linux 2), see installation instructions here, but beware DCC support staff do not offer support for your local computer and software installations. Other ssh clients may work or not, but beware of clients that create persistent sessions to the DCC.

Users may connect to the DCC login nodes using VSCode to troubleshoot code and manage scripts. However, VSCode SHOULD NOT BE USED for computationally intense tasks on login nodes or on compute nodes via common or scavenger partitions. If you would like to execute code using VSCode, connect to OnDemand and run your code interactively using the CodeServer option.

SSH Keys

Setting up ssh keys from your workstation will greatly simplify the login and file transfer process by creating a secure key based session between your workstation and the DCC instead of using your password with MFA.

Step 1. To generate a key pair run the following (on your local machine) from your command shell prompt:

ssh-keygen -t ed25519

You should get prompted for what file to save the key in. The default should be fine (just hit enter).

Next you should be prompted for a passphrase. Pick something secure that you can remember.

The public key generated will be stored in the file:

~/.ssh/id_ed25519.pub

Step 2. View and copy your ssh key:

cat ~/.ssh/id_ed25519.pub

Please be sure that you do not accidentally leave off the .pub. The file ~/.ssh/id_ed25519 (without the .pub) is your private key file, which you should NEVER share with ANYONE.

Note that the contents of this file (what is displayed by cat) should look something like this:

ssh-ed25519 AAUAC3NzaC1lZDI1NTE5AAAAIDhkOqqB+kRDIDp86EGo0hNvogOxwJmM5kxx/aYCzOrG kk338@CDSS-CPP0H34NX2

Step 3. Add your public key to your Duke profile by copying to your “SSH Public keys” under “Advanced User Options” at: idms-web.oit.duke.edu/portal.

Find the section titled "Manage Your Public SSH Keys." In that section there should be clickable text that says "+ See More about SSH keys". Click that to expand this section, and you should see a textbox for "New Public Key" where you can paste your Public Key (copied in the previous step).

Step 4. Test your connection. Note Enter passphrase for key should display instead of Password

kk338@CDSS-5630 ~ % ssh kk338@dcc-login.oit.duke.edu
Enter passphrase for key '/Users/kk338/.ssh/id_ed25519': 
 Last login: Tue Dec 21 11:13:41 2021 from xxx
################################################################################
# MOTD                                                                         # 
# My patch window is wednesday 03:00                                           # ################################################################################
kk338@dcc-login-03  ~ $

Key Management

An "authentication agent" for SSH keys is typically referred to as "ssh-agent" which is a built-in tool on most operating systems that stores your SSH private keys in memory, allowing you to authenticate without re-entering your passphrase every time you connect to a server; while a "password manager" like 1Password helps with management of passwords as well as SSH keys. It will likely makes sense for you use either a password manager or ssh-agent, but not both:

1Password (password manager)

ssh-agent (Linux)

Most modern Linux desktop environments will automatically prompt for and manage your ssh private key passphrase, if not,run the following: ssh-add ~/.ssh/id_ed25519

ssh-agent (Mac)

macOS 12.0 or newer, run:

ssh-add --apple-use-keychain ~/.ssh/id_ed25519

macOS older than 12.0, run:

ssh-add -K ~/.ssh/id_ed25519

(and then type the password you just used) which will add add the key to the authentication agent, and also save the password in your keychain.

Then edit ~/.ssh/config and add these lines to it:

Host *
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519

ssh-agent (Windows):

Running the following works for Windows, as well: ssh-add ~/.ssh/id_ed25519

View more general information about ssh public key authentication at ssh.com.