Skip to content

Logging in

Additional security policy measures in force

Please note that we are currently applying a policy of requiring your user account password in addition to your password-protected SSH key to login to Apocrita.

Once you have an account, you can log into the cluster from any network (internal to QMUL, over eduroam, or from other sites over the internet) using a secure shell (SSH).

Never share your private key or password with anyone

Your private key / password identifies you as yourself, anyone with either of these can access the cluster using your account.

SSH access via the Terminal

To login into Apocrita using your password and SSH key, use one of the following methods (valid for all Linux, macOS and Windows 10+ systems).

  1. SSH connection with a specific key
  2. Add the key to your SSH agent
  3. Create an SSH configuration file

Firstly, open a local terminal or the Windows Command Prompt.

  • On Linux systems, this will usually be an application called "Terminal".
  • On macOS systems, go to Applications->Utilities->Terminal.
  • On Windows 10+, type cmd (short for command) into the search box, and press Enter. You may need to firstly enable the OpenSSH client if SSH commands do not work by default.

Then connect using one of the above methods, further described below. In all examples, replace USERNAME with your Apocrita username and /path/to/privatekey with the real path to your generated private key. If you have not already generated a key pair, see the instructions to generate a SSH key pair.

Your password will not be displayed

Linux does not display feedback as passwords are typed.

SSH connection with a specific key

Run the following command to SSH into Apocrita specifying a private key.

ssh -i /path/to/privatekey
  • On Linux the key path defaults to /home/USER/.ssh/id_rsa.
  • On macOS the key defaults to /Users/USER/.ssh/id_rsa.
  • On Windows 10+ the key defaults to C:\Users\USER\.ssh\id_rsa

Where USER is the username on your local machine.

Add the key to your SSH agent

Run the following commands to add the private key to your SSH agent and log in to Apocrita.

ssh-add /path/to/privatekey

By using the SSH agent, you will not be prompted for the key passphrase every time you use the key once the key has been added to the agent. A key will remain in the agent until either removed, the agent is restarted or your machine is rebooted.

The SSH agent might be disabled by default on Windows 10+, to enable this, open the Services window, right click on the OpenSSH Authentication Agent entry and press Start. If this option is not available, click Properties and change the Startup Type to "Automatic", then start the service.

Create an SSH configuration file

In the .ssh directory, create a file called config and include the following:

Host apocrita
  IdentityFile /path/to/privatekey

Now you can SSH to Apocrita using the following command:

ssh apocrita

As you have stored your username, remote hostname and private key information inside the SSH user configuration file, you do not need to specify these on the command line.

MobaXterm setup instructions (Windows only)

MobaXterm is only supported on Windows operating systems

If you are using Linux or macOS, please see the SSH access via the Terminal instructions below.

If you require a graphical SFTP connection and X Windows support, then we recommend using MobaXterm. The following instructions explain how to create a session to log into Apocrita.

  1. Open MobaXterm.
  2. Click on the Session tab above the Quick connect textbox. This will bring up a new window.
  3. Click SSH (first option) to display the SSH settings.
  4. Enter in the Remote host box.
  5. Check the Specify username box and enter your Apocrita username into the textbox.
  6. Click the Advanced SSH settings tab to display further options.
  7. Check the Use private key box, click the page icon at the right of the textbox and browse to your private key.
  8. Click OK to save your session. This will also attempt a connection to Apocrita.

When logging in, you should be asked for your SSH key passphrase, then your Apocrita password. You may click Yes when prompted to save your Apocrita password securely so you do not need to type this every time you login.

Changing your password

Once you have an account, you should be able to change your Apocrita password using the ITS Research Password Manager. Please make sure that you read the recommendations carefully. This site is protected behind the QMUL idcheck service therefore, only users with valid QMUL IT Services accounts will be able to use this process.

The password change will affect access to the following ITS Research services:

You can also add a new SSH public key when you cannot access Apocrita by using this form.

For changing your college password please use central IT Services PRM utility.

If you cannot remember your password please contact us requesting a one-time unlocking code.

One-time unlocking code

If you were given a one-time unlocking code, please enter it into the One-time unlocking code field leaving the existing password entry blank.

X Windows

The X windows system allows forwarding of graphical applications running on cluster nodes to the user's desktop. This allows programs like MATLAB to be run on the cluster using the GUI. Due to the overhead of running and GUI and the need for a constant connection this is discouraged but may be required by certain applications.

Initial setup varies based on the user's operating system.

Linux and macOS X Windows

macOS users need to download XQuartz

macOS requires the installation of XQuartz to allow X Windows software to be used.

Adding -X to the SSH command line will enable X forwarding:

ssh -X -i /path/to/privatekey

If you experience issues with drawing the GUI or receive errors it may be worth trying -Y instead of -X which will enable X forwarding without the X11 Security extensions:

ssh -Y -i /path/to/privatekey

You may also use the SSH agent or an SSH configuration file file to pass your private key.

The SSH configuration file also supports enabling X forwarding for all connections so you do not need to pass the -X or -Y options. To enable this add ForwardX11 yes to the apocrita section in your configuration file. For example:

Host apocrita
  IdentityFile /path/to/privatekey
  ForwardX11 yes

Windows X Windows

MobaXterm has X windows built in and forwarded by default so no additional user steps are required.

If you are using the Windows Command Prompt (Windows 10+), you will need to download and run an X server application (such as Xming) to launch X windows. Please contact us if you need assistance setting up this connection.