# Getting started with ISCA

## Learning Objectives
- Connect to the ISCA HPC system using ssh
- Copy files using secure copy - scp
- Create an identity key and config file for easier access

## ISCA compute resources
- A cluster of standard CPU nodes (Linux) (256GB) 
- Large memory (3TB) nodes
- Xeon Phi accelerator nodes and GPU (Tesla K80) compute nodes.

### Fair Usage
There are major benefits in terms of capacity and capability to using a central HPC system. There are also logistical and practical challenges that arise when using a shared resource. There are two elements of the system that are shared, the storage and compute. Schedulers deal with the allocation and protection of compute, and we will cover these in more detail later on. Storage might be managed by applying file quotas to user folders. It is likely there is also a fair usage policy in action designed to ensure everyone can get access to a compute node within a reasonable period of time. Essentially, whereas on your computer you can use it how you want, when you want with no impact of others, with a HPC system, you may need to be patient at times and be considerate of other users. 

### Citing use of ISCA
Please use the following when acknowledging the use of ISCA in research papers:

```
The authors would like to acknowledge the use of the University of Exeter High-Performance Computing (HPC) facility in carrying out this work.
```
Also, when you submit your paper or article to Symplectic please add ARC - ISCA as an Unclassified Label.

## Connecting to ISCA
Connections to ISCA are from local network connections, ethernet or WiFi, or via VPN.  There is no facility to log in to ISCA from the Internet, for example from home, other institutions, or public WiFi.  Connections must be authenticated using SSH.

### SSH 
The Secure SHell protocol (or SSH) opens an encrypted network connection between two machines. SSH encrypts all communication, not just the exchange of passwords.

### Client-server

SSH uses a client-server architecture.  In our case ISCA is nearly always the server, and your personal computer is the client.  The SSH client is generally called 'ssh' and can be started from the terminal window in all modern operating system.
 
### SSH layers (or services)

SSH provides two different, but related, services

* Authentication

* Encrypted connections


## Exercise
Check that the ssh client is available on your laptop - type 'ssh' in the terminal. You should get output like that below.

``` bash
you@laptop:~$ ssh
```

``` bash
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command [argument ...]]
```

### Logging in

Once you have been granted access to isca, you should be able to login with your (short) university user id. The syntax for logging into a machine with `ssh` is

``` bash
you@laptop:~$ ssh userid@login02.isca.ex.ac.uk
```

where `userid` is your standard login - like `xy123`

### First Time Warning
An important security warning will occur whenever you attempt to log into another machine for the first time. 
``` bash
The authenticity of host 'login02.isca.ex.ac.uk (144.173.114.132)' can not be established.
ED25519 key fingerprint is SHA256:rPqlD8myIfJUQBINKPYCp47oIQm3sGVMUPSAWT26E/M.
ECDSA key fingerprint is SHA256:ah29tkixxl7NW/zdJM6TSbASY3UyLsKZEKUMMZSD3X0.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
```

Any subsequent time you log into that same server, you should **not** see this message, as this server's fingerprint is saved in a list of `known_hosts`.

## Using a cryptographic key

Typing your password in every time you login can be tedious, it also makes it difficult, and insecure, if you need to automate actions such as file transfers.

Modern cryptography typically used key pairs, a private key that you keep close to you (typically on a personal laptop) and a public key that you install on remote servers, such as isca.  Think of the public key as being more like a door lock than a key, it cannot open anything, but specifies which private key will unlock the account.

### ssh-keygen

If ssh-keygen is available on your laptop, you can use it to generate a key-pair.

``` bash
you@laptop:~$ ssh-keygen -f my-isca-key
```

## Exercise
Use ssh-keygen to create a key-pair

``` bash
you@laptop:~$ ssh-keygen -f my-isca-key
```

I suggest for now you use an empty passphrase. 
Passphrases (long passwords) are useful if you to secure a key, for example if you need to store a private key on a shared, or networked, computer.


## Problem - how do we install the public key on ISCA?

### Client files

``` bash
config
id_ed25519
id_ed25519.pub
known_hosts
```

### Server files

``` bash
authorized_keys
id_ed25519.pub
```


## ssh login with key (identity)

```
ssh -i ./id_ed25519 user@login02.isca.ex.ac.uk
```

## scp
When we want to copy files back and forth from the cluster, the standard tool is `scp`

``` bash
[you@laptop ~]$ scp <source> <destination>
```

Note that 'source' and 'destination' can be either local or remote files, or directories.

The three components of a remote machine path `<username>@<hostname>:<filepath>`
1) `username`: your login ID for that machine
2) `hostname`: the remote address for the machine
3) `filepath`: the path to the file on the specified machine

Scp uses ssh to authenticate, so you can use password authentication or an identity file (private key) using the '-i' flag.

Another useful option is '-r' to recursively copy directories.


## SSH config file

We can create a config file that allows us to use short names for machines we use regularly using an ssh `config` file.

First create a file named 'config' in ~/.ssh if you don't already have one.

``` bash
touch ~/.ssh/config
chmod 600 ~/.ssh/config
```

In a programming editor copy the following example. **Remember** to swap your specific `username` for the placeholder.
``` bash
# Configuration file for ssh and scp
Host isca
  HostName login02.isca.ex.ac.uk
  User user_id
  ForwardAgent yes
  IdentityFile ~/.ssh/id_ed25519
```

Now you can log in with

``` bash
you@laptop:~$ ssh isca
```

And copy files with

``` bash
you@laptop:~$ scp hello.txt isca:
```

