Minerva currently has several login nodes. Some login nodes are connected to the campus network at 10Gb/s, allowing access only at the school. Other login nodes are connected to the public internet, allowing access from outside the school.
Both types of login nodes require two-factor authentication. There are several two-factor login choices available for use, depending on your account type. At least one type of two-factor authentication is required.
On-campus login nodes:
There are currently two (2) on-campus login nodes, minerva13 and minerva14. You may connect to one of them through one of two round-robin DNS load balancing names or you may specify one of them explicitly, if you prefer one over the other. For example, if you have a disconnected screen session running on one of the nodes, you will want to log onto that particular node if you want to reconnect.
The addresses of the nodes are:
- minerva.hpc.mssm.edu – round-robin redirect
- chimera.hpc.mssm.edu – round-robin redirect
- minerva13.hpc.mssm.edu – specific login node
- minerva14.hpc.mssm.edu – specific login node
Public login nodes:
There are currently two (2) public login nodes, minerva11 and minerva12. You may connect to any of them through a round-robin DNS load balancing name, or you may specify one of them specifically, if necessary.
The addresses of the nodes are:
- minerva.hpc.mssm.edu – round-robin
- minerva11.hpc.mssm.edu – specific public login node
- minerva12.hpc.mssm.edu – specific public login node
Important: Too many failed login attempts on public nodes will block your IP address for 24 hours.
The name minerva.hpc.mssm.edu round robin name is valid for both the on-campus and public login nodes. Using this name will direct you to the appropriate login node type. If you are on-campus, you will be connected to an on-campus node; if off-campus, you will be connected to one of the public login nodes.
Suggestion: Use the name minerva.hpc.mssm.edu for your connections, as it will continue to work in the future even if the login nodes are changed.
Each node of Minerva supports several authentication types. This is to accommodate multiple account types including external collaborators, students, Sinai employees, admins, etc. To login using a specific authentication type you must append a suffix to your name during login. See the table below:
|Users||Login Method||Login Servers||Password Components|
|All login servers||Sinai Password + 6 Digit Symantec VIP token code|
|Sinai users||user1+vldap||All login servers||HPC Password + 6 Digit Symantec VIP token code|
|External users||user1+yldap||External login servers, i.e.:
|HPC Password + Yubikey Button Push|
The default authentication for internal Mount Sinai users is vkrb, which is what Mount Sinai School students will use.
For example, for an internal Mount Sinai user, these two forms of login function identically:
- ssh firstname.lastname@example.org
- ssh email@example.com
Note: With the password, there should be no spaces, punctuation, enter-keys, etc. between the two password components.
Which authentication type should I use?
When your account was created, you were told what type of authentication your account would require. Depending on the type of entry you have in the Mount Sinai campus directory, you may require one method or another. If you are unsure which method your account works with, please contact firstname.lastname@example.org
Two Factor Authentication:
To setup two factor authentication for Symantec VIP, visit the ASCIT website. Symantec VIP produces a 6 digit code using either a legacy hardware token or software token which can be installed via the ASCIT link. Legacy hardware tokens are no longer available to new users. To generate the code, you need to either launch the application on your phone or PC, or press the button on your hardware token.
A Yubikey produces a code consisting of many characters (about 26) using a USB device which emulates a keyboard. Essentially, it is a 1-button USB keyboard. To generated the code, plug the device into your USB port and press the only button on the Yubikey at the appropriate time. Remember, no spaces or punctuation between the password and the Yubikey push. The output will be typed into the window /console as if it were typed by a keyboard followed by the “enter key”.
If you obtain your Yubikey from the HPC staff, it is already registered with your account.