All use of Scientific Computing and Data resources in publications and presentations must acknowledge Mount Sinai’s CTSA funding award. Click here

Scientific Computing and Data / High Performance Computing / Documentation / Logging In

 (03/11/2026) Onboarding Minerva’s New Multi-Factor Authentication (MFA) by 9:00 AM March 26, 2026 

Change log:  

  • New production date is set to 9:00 AM, Thursday, March 26th, 2026, 
  • Phone Text code (SMS) is available with the new MFA Minerva login, 
  • Microsoft Authenticator app – push notification on your mobile phone is optional now, 
  • Login node minerva11.hpc.mssm.edu is now open for new MFA logins, 
  • No further action is needed for users who already configured Microsoft Authenticator App. They still get push notifications for Minerva login. 

 

The Digital and Technology Partners (DTP) department is phasing out the Symantec VIP token as the two-factor authentication method for Minerva. We will switch to Microsoft’s Azure multi-factor authentication (MFA) at 9:00 am Thursday, March 26, 2026. 

 

Login node minerva11.hpc.mssm.edu is now available for HPC users to begin onboarding with the new MFA method.  

All Minerva users are advised to successfully login to minerva11 with one of the following methods by March 26th, 2026. 

The new authentication is using Sinai school password only, and user registered Microsoft MFA  as the second factor.   

 

Available authentication methods: 

There are 3 methods enabled. You can choose either one of them:  

Method 1: Phone Text passcode (Mount Sinai profile default),  

Method 2: Microsoft Authenticator App – push notification,  

Method 3: Microsoft Authenticator App – one-time password code   

By default, users who didn’t setup Microsoft Authenticator will receive Phone Text SMS message codes (method 1). Microsoft Authenticator installation on the mobile phone is optional now.  

 

To test, after you are connected to Mount Sinai VPN from your PC, please follow: 

 

Method 1: Phone Text SMS message code – Users who didn’t install Microsoft Authenticator on the phone: 

 

From a SSH terminal application like Putty on your PC or Terminal on MacOS:  

$ ssh yourUserID@minerva11.hpc.mssm.edu 

Password: <Enter your Sinai School Password Only> 

Enter Your Microsoft verification code609017 

You will receive a 6-digit code in your phone Text SMS message. Enter that code after the prompt, like above 609017.  

 

Method 2: Microsoft Authentication push notification – Users who have installed Microsoft Authenticator on their phones and set the default method to be ‘App based authentication – notification’:  

Step 0: Install and register Microsoft Authenticator on your phone for Microsoft MFA with your school network account, following Option 2 at https://itsecurity.mssm.edu/mobile-device-security/ms-authenticator/

1) If you already have Microsoft Authenticator registered with Option 2, go to Step 1.

2) If you previously registered with Option 1 phone number, you still need to register with Option 2. Option 1 will send phone text code, no phone push

3) If you are a new user to get started with MFA, please complete Option 3 and Option 2. 

 

Step 1: Check and make your default sign-in method to Microsoft Authenticator. 

Login to https://mysignins.microsoft.com/security-info, in the Security Info page click ‘Change’ and select “App based authentication – notification” from the drop-down options (See picture below). Microsoft Authenticator must be the Sign-in method when most advisable is unavailable, as shown in the red box in the below picture. If you see your phone number there, please do the change.

If you cannot login to https://mysignins.microsoft.com/security-info with your Sinai school account, or cannot change the methods, or the Microsoft Authenticator method disappears after refreshing the webpage, please send a ticket to hpchelp@hpc.mssm.edu.  

 

Step 2: SSH login to the Minerva login test server with your Sinai school password only: 

$ ssh yourUserID@minerva11.hpc.mssm.edu 

 yourUserID@minerva11.hpc.mssm.edu’s password:  

Enter your Sinai School password only and wait for Step 3.

  
 1) If you get error “Permission denied (gssapi-keyex,gssapi-with-mic,password).” even before password input, please check your local ssh config file like ~/.ssh/config, remove line “PreferredAuthentications keyboard-interactive” or similar, or remove the config file.  

2) If you haven’t logged into Minerva for a while, your Minerva account may be disabled due to inactivity or expired annual compliance form. You can verify your Minerva account by logging to the production login node with your school password and Symantec VIP as previously:  ssh yourUserID@minerva.hpc.mssm.edu If it fails there, your account is disabled. Please update the annual forms at forms.hpc.mssm.edu and try later. If it still fails there, contact us.  

 

Step 3: Wait for the following Microsoft Authenticator push notification dialogue on your phone (usually in 10 seconds, see picture below). Select Approve to complete login.

1). You shall see this push dialogue from your Microsoft Authenticator App on your phone to get authenticated.

2). If you received an SMS text message code, and get denied with “Permission denied, please try again.” This method has not been configured properly. Please follow above Step 1 to change your default sign-in method to Microsoft Authenticator.  

3). If you don’t receive any notification on the phone, please start over from Step 0.  

 

Step 4: If Step 3 is successful and you are logged in to the minerva11 (li04e01) node, your new MFA enrollment is complete.  

 

You don’t have to use Method 2, but if you elect to use it and still have trouble with the enrollment after making ‘App based Authentication – Notification’ as the default method in Step 2, or see issues other than those specified in the above Steps, please email us immediately at hpchelp@hpc.mssm.edu.   

 

Method 3: Microsoft Authentication hardware token method  

Follow Step 0 in Method 2: Microsoft Authentication push notification method but select “App based notification or hardware token – code” in Step 1. Use the 6-digit One-time password code from your Microsoft Authenticatior app on your phone when prompted for Microsoft Code.  

 

Important Notes 

We will officially launch the new method on all Minerva login nodes at 9:00am, Thursday, March 26th, 2026. 

Before that, Symantec VIP tokens are still the only 2nd factor logins to use on Minerva production login nodes, including minerva.hpc.mssm.edu or chimera.hpc.mssm.edu.  

 

Logging In

Connect to the Mount Sinai network either by connecting  to the LAN or MSSM Green while on campus or by using the VPN connection if not on campus. If using VPN, make sure you click on the “Tunnel” button on the VPN splash screen.

Use minerva.hpc.mssm.edu as the host name. This is a round-robin redirect to one of the 3 actual login nodes.

Start up your terminal emulation program and enter:

ssh yourUserID@minerva.hpc.mssm.edu

When prompted for your password, enter you Mount Sinai password followed immediately by the 6 digit VIP credential:

Password:  myH@rd2gu3$$p@$$word123456  (← this will not be echoed to the terminal.)

where 123456  would be the 6 digit credential from your VIP token.

 

If you are using X11 graphics, you will need to use the  -X  option to allow X11 forwarding to your workstation.

ssh -X yourUserID@minerva.hpc.mssm.edu

Two Factor Authentication

Minerva requires Two-Factor authentication at all times to log in. The first component is a memorized password. The second component is a one-time use, time sensitive, generated credential. Mount Sinai uses Symantec VIP to generate the one time use credential.

To set up two factor authentication for Symantec VIP, visit the ASCIT website. Symantec VIP produces a 6 digit code using a software token which can be installed via the ASCIT link on a variety of devices.

 

 

Virtual Private Network (VPN) Tunneling

Connection to Minerva from off campus requires the use of VPN and the F5 Big-IP software to be installed on your local workstation.

To setup VPN access, see https://itsecurity.mssm.edu/vpn-steps/

To setup the F5 Big-IP software to enable tunneling on Windows or MAC, see https://itsecurity.mssm.edu/vpn-access-selection/

 

Instructions on F5 Setup on Ubuntu

On your local workstation, go to https://mshmsvpn.mssm.edu and log in with your password and VIP credentials. The welcome page will have many boxes. Click on linux_deb and download the f5 software. Open a terminal on your workstation and enter one of the following commands:

 sudo apt install /absolute/path/to/deb/file
or
 sudo dpkg -i /absolute/path/to/deb/file

/opt/f5 will be created. Click on “tunnel” and on the f5 popup, “Choose” /opt/f5/vpn/f5vpn and you should be in.

Instructions for F5 Centos/Red Hat systems

On your local workstation, go to https://mshmsvpn.mssm.edu and log in with your password and VIP credentials. The welcome page will have many boxes. Click on linux_rpm and download the f5 software. Open a terminal on your workstation and enter one of the following commands:

For Centos:

	sudo yum localinstall /absolute/path/to/rpm/file
or
	sudo rpm -i absolute/path/to/rpm/file

For Red Hat/Fedora:

	sudo rpm -i /absolute/path/to/rpm/file
or
	sudo dnf localinstall /absolute/path/to/rpm/file

/opt/f5 will be created. Click on “tunnel” and on the f5 popup, “Choose” /opt/f5/vpn/f5vpn and you should be in.

Login Nodes:

Minerva currently has several login nodes which are used to access the compute cluster. The login nodes are connected to the campus network allowing access only on campus or via tunneling over Mount Sinai’s VPN if off campus.

There are currently four login nodes available for general use, minerva12, minerva13 and minerva14.You may connect to one of them through one of two round-robin Domain Name Server (DNS) load balancing names or you may specify one of them explicitly, if you prefer one over the other.For example, if you have a disconnected screen session running on one of the nodes, you will want to log onto that particular node if you want to reconnect.

The addresses of the nodes are:

  • minerva.hpc.mssm.edu – round-robin redirect
  • chimera.hpc.mssm.edu – round-robin redirect
  • minerva11.hpc.mssm.edu – specific login node
  • minerva12.hpc.mssm.edu – specific login node
  • minerva13.hpc.mssm.edu – specific login node
  • minerva14.hpc.mssm.edu – specific login node

Suggestion: Use the name minerva.hpc.mssm.edu for your connections, as it will continue to work in the future even if the login nodes are changed.

From Windows
To log in from a Windows machine, you will need a terminal emulator. There are two that we recommend.

MobaXterm ( https://mobaxterm.mobatek.net ) an all-in-one product that provides a terminal emulator, builtin X11 server, multiple tabbed windows, scp, sftp, etc.

PuTTY ( https://www.putty.org/ ) a widely used SSH client and associated utilities (scp, sftp, etc). PuTTY does not come with a built in X11 server. Users will have to install Xming ( https://sourceforge.net/projects/xming/ ) if they wish to use X11 graphics.

From MAC
MAC machines come with a console window already installed. However, you may want to install a more versatile terminal emulator such as iTerm2 ( https://iterm2.com )

As with the Windows environment, macOS does not come with an X11 server. So, if you want to use X11 graphics you will need to install the XQuartz X11 server ( https://www.xquartz.org/ ) .