Tips for Reducing the Number of Duo Two-Factor Logins
This page will provide tips to reduce the number of Two-Factor logins when using the HPC system.
Data Storage
- Connecting to your home account or shared storage via CIFS will create a persistent connection from your desktop computer and will not require DUO logins for file transfers on campus or through VPN. - More information here: Home Accounts
- Using sftp instead of scp with your client of choice can decrease the number of connections required. (Note: you may need to increase the timeout period in your sftp application.)
Programs to Reduce SSH Logins
Linux Screen
Linux Screen is a tool available on all login nodes that allows a user to have multiple shells active in a single SSH session. This means that a user only has to login once, and then can have multiple active sessions within a single login!
To start Linux Screen, simply login to the system using the normal method. Ex: ssh hawkid@argon.hpc.uiowa.edu
Then after you have gained access to the cluster, execute the screen command: 'screen'
This command will create a "screen session" which acts as your usual shell, but with a few very handy additions!
In order to access the Screen commands, you must first press CTRL + 'a'. This lets the screen session know that the following entry will be a screen command and not a normal shell command. Typing CTRL + 'a' and then pressing '?' will bring up a help window listing all possible Screen Commands. I will go over the most important ones here.
CTRL + 'a' 'c'
This command is very important. When a user invokes this command, a new Screen window will be created within your current Screen Session. This is called a Nested Screen. You will be placed inside this new screen (it will still act like your usual shell.) Your old screen session, which was created when you typed 'screen,' and all of its running processes will still be running. This is particularly useful when you need to run a script in one screen, and monitor it on another. You are able to create as many active screens as you need, and all will work independently.
CTRL + 'a' 'n' or CTRL + 'a' 'p'
This command allows a user to navigate Nested screen sessions. Every time you create a new Nested Screen Session, your session is added to a list of active screens. By invoking the 'n' command, you can cycle to the next screen on the list. Typing 'p' will return you to the previous screen on your list. The list is navigated 'carousel' style, meaning if there is no screen next on the list, you will be cycled around to the other end of the list.
CTRL + 'a' 'd'
Here is the command that makes screen extremely useful. 'd' is the DETACH command. When in a screen session, you can invoke 'd' to return to your non-Screen shell. This means you will have all of your screens running in the background, but will currently be in your usual shell environment. This feature is automatically invoked if you are to lose SSH connection, meaning if the SSH session is lost, all processes active in your Screen sessions will continue to run normally! This is different from a Nested Screen as you will be outside of the Screen Session. This means that any CTRL + 'a' commands will not work until you have re-attached your screen.
screen
After you have detached from your Screen Session, you can create another one using 'screen' This will create a completely separate screen session in which you may add more Nested Screens.
screen -ls
When you have DETACHED from your Screen Session, you can view all of your running Screen Sessions using 'screen -ls'
$ screen -ls There are screens on: 19437.pts-0.neon-login-0-1 (Detached) 19671.pts-0.neon-login-0-1 (Detached) 2 Sockets in /var/run/screen/S-kbozorgzadeh.
As you can see, I currently have two active Screen Sessions. Each with its own set of Nested Screens. Both Screens are currently detached. If one of them were to say attached, that indicates that I am currently invoking the command from within one of my Screen sessions, and not from my SSH shell.
screen -r [NAME]
This is the REATTACH command. After a DETACH has occurred, you may reattach to currently running Screen sessions by executing 'screen -r.' This will attach you to the screen session indicated by [NAME]. To find the name of your Screen session, run 'screen -ls' the name will be the ID number of the session. IE: [NAME].pts-0.neon-login-0-1
CTRL + 'a' 'k'
This is the screen kill command. When in a Screen Session, use this command to kill the current window.
If you are in a Nested session, you will kill only the current Nested Session not the entire Screen Session!
CTRL + 'a' '\'
This is the Kill-All command. When in a Screen Session, this will kill the session, and all Nested Sessions. This is useful when you are finished working and need to clean up.
Be sure to always run 'screen -ls' after you have finished working and ensure that all screens have been killed. Screen sessions will run indefinitely unless they are given the kill of kill-all command!!
TMUX
TMUX is very similiar to screen in that it allows for multiple shell sessions to be active within a single SSH session. This limits the number of DUO logins in the same fashion: Login to the cluster once using DUO, then activate TMUX to work in multiple windows without the need to login for each one.
TMUX has many options and customizations like colorizing tabs, setting alerts, lock timers, and detachable sessions (similar to Screen's detachability). These can all be found in the man pages, typing CTRL+'b' ? in the TMUX session, or here. In this document, I will explain the basic usage needed to decrease DUO logins.
To start a TMUX session, log into the cluster (verify with DUO) then enter 'tmux new' into the command line. You should see a solid bar at the bottom of your console screen indicating the tab you are currently in. ex: [0] 0:bash*
CTRL + 'b'
This is the command bind key. Similiar to SCREEN, when in an active TMUX session, this key combination lets the terminal know that the next input will be a TMUX command.
CTRL + 'b' 'c'
This is the "create window" command. When pressed, TMUX will generate a new "tab" called a window. You will see a new label in the bottom bar.
[0] 0:bash- 1:bash*
The example above shows what the bottom bar of your console will look like. The asterisk next to 1:bash indicates that your current tab is the second tab on the list. (your first tab being called '0:bash', and the session being called '[0]')
CTRL + 'b' 'n' or CTRL + 'b' 'p'
This is the next/previous window command. When more than one tab is present in your session (indicated by the list of windows in the bottom bar of your screen) this command will switch you between windows. You will notice that when this command is invoked, the asterisk next to the labels will move to your currently viewed window.
CTRL + 'b' 'w'
On top of being able to toggle forward and backwards between windows, this command allows you to choose which window you wish to view interactively. Simply input the command, then use the arrow keys to select which window you wish to enter and press RETURN/ENTER.
CTRL + 'b' 'x'
This is the kill window command. When you have finished work in one window, use this command to close it. You will see a prompt in the bottom bar asking you to confirm the action: "kill window? y/n"
CTRL + 'b' ' " '
This command is extremely useful. It is the split window command. Say you wish to watch a process on your current window, but need to work elsewhere. SImply run this command, and your screen will be split into two seperate screens with a solid line separating them horizontally in the middle. Use CTRL + 'b' 'o' to switch between the two panes!
FASTX
FastX can be used as a way to have multiple sessions running through a single ssh session. More information on FASTX can be found here: FastX connections