All use of Scientific Computing and Data resources in publications and presentations must acknowledge Mount Sinai’s CTSA funding award. Click here

Scientific Computing and Data / High Performance Computing / Documentation / Logging In

Logging In

Connect to the Mount Sinai network either by connecting  to the LAN or MSSM Green while on campus or by using the VPN connection if not on campus. If using VPN, make sure you click on the “Tunnel” button on the VPN splash screen.

Use minerva.hpc.mssm.edu as the host name. This is a round-robin redirect to one of the 3 actual login nodes.

Start up your terminal emulation program and enter:

ssh yourUserID@minerva.hpc.mssm.edu

When prompted for your password, enter you Mount Sinai password followed immediately by the 6 digit VIP credential:

Password:  myH@rd2gu3$$p@$$word123456  (← this will not be echoed to the terminal.)

where 123456  would be the 6 digit credential from your VIP token.

 

If you are using X11 graphics, you will need to use the  -X  option to allow X11 forwarding to your workstation.

ssh -X yourUserID@minerva.hpc.mssm.edu

Two Factor Authentication

Minerva requires Two-Factor authentication at all times to log in. The first component is a memorized password. The second component is a one-time use, time sensitive, generated credential. Mount Sinai uses Symantec VIP to generate the one time use credential.

To set up two factor authentication for Symantec VIP, visit the ASCIT website. Symantec VIP produces a 6 digit code using a software token which can be installed via the ASCIT link on a variety of devices.

(02/20/2026) Onboarding Minerva’s New Multi-Factor Authentication by March 12 2026

The Digital and Technology Partners (DTP) department is phasing out the Symantec VIP token as the two-factor authentication method for Minerva. We will switch to Microsoft Authenticator as the new MFA (multi-factor authentication) on March 12, 2026.

A Minerva test server is now available for HPC users to begin onboarding with the new MFA method.

All Minerva users are required to enroll with the new method by March 12, 2026.

Your Action Required: (Please read through the following Steps carefully)

The new authentication is using Sinai school password only and Microsoft Authenticator phone push approval as the second factor.

Microsoft Authenticator installed on the cell phone is a must, not an option for Minerva.

After you are connected to Mount Sinai VPN from your PC, please follow:

 Step 0: Install and register Microsoft Authenticator on your phone for Microsoft MFA with your school network account, following Option 2 at https://itsecurity.mssm.edu/mobile-device-security/ms-authenticator/

  1. If you already have Microsoft Authenticator registered with Option 2, go Step 1.
  2. If you previously registered with Option 1, you still need to register with Option 2. Option 1 will NOT work for Minerva login.
  3. If you are a new user to get started with MFA, please complete Option 3 and Option 2.

Step 1: Check and make your default sign-in method to Microsoft Authenticator.

Login to https://mysignins.microsoft.com/security-info, in the Security Info page click ‘Change’ and select “App based authentication – notification” from the drop-down options (See picture below). Microsoft Authenticator must be the Sign-in method when most advisable is unavailable, as shown in the red box in below picture. If you see your phone number there, please do the change.

If you cannot login to https://mysignins.microsoft.com/security-info with your Sinai school account, please send a ticket to hpchelp@hpc.mssm.edu.

Step 2: SSH login to the Minerva login test server with your Sinai school password only :

ssh yourUserID@mfa-test.hpc.mssm.edu
yourUserID@mfa-test.hpc.mssm.edu's password:

Enter your Sinai School password only and wait for Step 3.

    1. If you get error “Permission denied (gssapi-keyex,gssapi-with-mic,password).” even before password input, please check your local ssh config file like ~/.ssh/config, remove line “PreferredAuthentications keyboard-interactive” or similar, or remove the config file.
    2. If you haven’t logged into Minerva for a while, your Minerva account may be disabled due to inactivity or expired annual compliance form. You can verify your Minerva account by logging to the production login node with your school password and Symantec VIP as previously: ssh yourUserID@minerva.hpc.mssm.edu If it fails there, your account is disabled. Please update the annual forms at https://forms.hpc.mssm.edu/ and try later. If it still fails there, contact us.

Step 3: Wait for the following Microsoft Authenticator push notification dialogue on your phone (usually in 10 seconds, see picture below). Select Approve to complete login.

  1. You must see this push dialogue from your Microsoft Authenticator App on your phone to get authenticated. Any SMS text message code, or 6-digit one time passcode from your authenticator will NOT work.
  2. If you received SMS text message code and see errors “Permission denied, please try again.” after you input your correct school password, please follow above Step 1 to change your default sign-in method to Microsoft Authenticator.
  3. If you don’t receive any notification on the phone, please start over from Step 0.

Step 4: If Step 3 is successful and you are logged in to the mfa-test node, your enrollment is complete, you can logout immediately. This is a test server for MFA authentications only, not for any work.

Important Notes

We will officially launch the new method on all Minerva login nodes on March 12, 2026. Before that, Symantec VIP tokens are still the only 2nd factor to use on Minerva production login nodes. 

If you still have trouble with the enrollment after making ‘App based Authentication – Notification’ as the default method in Step 2, or see issues other than those specified in the above Steps, please email us immediately at hpchelp@hpc.mssm.edu.

 

 

Virtual Private Network (VPN) Tunneling

Connection to Minerva from off campus requires the use of VPN and the F5 Big-IP software to be installed on your local workstation.

To setup VPN access, see https://itsecurity.mssm.edu/vpn-steps/

To setup the F5 Big-IP software to enable tunneling on Windows or MAC, see https://itsecurity.mssm.edu/vpn-access-selection/

 

Instructions on F5 Setup on Ubuntu

On your local workstation, go to https://mshmsvpn.mssm.edu and log in with your password and VIP credentials. The welcome page will have many boxes. Click on linux_deb and download the f5 software. Open a terminal on your workstation and enter one of the following commands:

 sudo apt install /absolute/path/to/deb/file
or
 sudo dpkg -i /absolute/path/to/deb/file

/opt/f5 will be created. Click on “tunnel” and on the f5 popup, “Choose” /opt/f5/vpn/f5vpn and you should be in.

Instructions for F5 Centos/Red Hat systems

On your local workstation, go to https://mshmsvpn.mssm.edu and log in with your password and VIP credentials. The welcome page will have many boxes. Click on linux_rpm and download the f5 software. Open a terminal on your workstation and enter one of the following commands:

For Centos:

	sudo yum localinstall /absolute/path/to/rpm/file
or
	sudo rpm -i absolute/path/to/rpm/file

For Red Hat/Fedora:

	sudo rpm -i /absolute/path/to/rpm/file
or
	sudo dnf localinstall /absolute/path/to/rpm/file

/opt/f5 will be created. Click on “tunnel” and on the f5 popup, “Choose” /opt/f5/vpn/f5vpn and you should be in.

Login Nodes:

Minerva currently has several login nodes which are used to access the compute cluster. The login nodes are connected to the campus network allowing access only on campus or via tunneling over Mount Sinai’s VPN if off campus.

There are currently four login nodes available for general use, minerva12, minerva13 and minerva14.You may connect to one of them through one of two round-robin Domain Name Server (DNS) load balancing names or you may specify one of them explicitly, if you prefer one over the other.For example, if you have a disconnected screen session running on one of the nodes, you will want to log onto that particular node if you want to reconnect.

The addresses of the nodes are:

  • minerva.hpc.mssm.edu – round-robin redirect
  • chimera.hpc.mssm.edu – round-robin redirect
  • minerva11.hpc.mssm.edu – specific login node
  • minerva12.hpc.mssm.edu – specific login node
  • minerva13.hpc.mssm.edu – specific login node
  • minerva14.hpc.mssm.edu – specific login node

Suggestion: Use the name minerva.hpc.mssm.edu for your connections, as it will continue to work in the future even if the login nodes are changed.

From Windows
To log in from a Windows machine, you will need a terminal emulator. There are two that we recommend.

MobaXterm ( https://mobaxterm.mobatek.net ) an all-in-one product that provides a terminal emulator, builtin X11 server, multiple tabbed windows, scp, sftp, etc.

PuTTY ( https://www.putty.org/ ) a widely used SSH client and associated utilities (scp, sftp, etc). PuTTY does not come with a built in X11 server. Users will have to install Xming ( https://sourceforge.net/projects/xming/ ) if they wish to use X11 graphics.

From MAC
MAC machines come with a console window already installed. However, you may want to install a more versatile terminal emulator such as iTerm2 ( https://iterm2.com )

As with the Windows environment, macOS does not come with an X11 server. So, if you want to use X11 graphics you will need to install the XQuartz X11 server ( https://www.xquartz.org/ ) .