Fork me on GitHub

Tips for working with MFA

Here are some techniques you can use to reduce the number of times that you need to re-authenticate to our HPC systems.

Reuse SSH connections

Many SSH clients can reuse existing SSH sessions for new connections without the need to reconnect. Some clients also allow sessions to persist temporarily after you have closed all your terminal windows to allow you to easily reconnect for a short time without having to reauthenticate.

SSH clients

SSH has a built in functionality to reuse existing connections for new sessions. You can enable this feature by adding the following config to your ~/.ssh/config file on your local PC:

Host iceberg.shef.ac.uk
  ControlMaster auto
  ControlPath ~/.ssh/sockets/%r@%h-%p
  ControlPersist 600

You will need to create the directory ~/.ssh/sockets before running ssh. The ControlPersist option allows you to specify how long (in seconds) your SSH connection should perist after you have closed all your existing sessions. During this time you can start a new session without reauthenticating.

Warning

If you configure your SSH client to maintain connections ensure that your client PC is kept locked whenever you leave it unattended.

Warning

If you are temporarily disconnected from the network you may find that your SSH session does not immediately detect the failure. You can delete the control socket created in ~/.ssh/sockets in order to clear the session and reconnect. You should not use this option when running SSH commands on remote systems.

Putty

You can configure Putty to Share SSH connections if possible via the SSH option in the Connection Catagory when configuring a new connection.

As long as your existing connection remains active you can start new sessions without reautenticating by using Duplicate Session command to start new sessions.

Other applications which use Putty for SSH connections can also re-use your existing connection without needing to reauthenticate.

Note

If you perform a large file transfer over a shared session you may find that other sessions sharing the same connection become less responsive.

TMUX/screen

TMUX and screen are available on the HPC login nodes and can be used to run multiple shell sessions within a single SSH session.

For examples of using TMUX to manage mutiple sessions see the following RSE blog post: tmux: remote terminal management and multiplexing

Transferring files

If you need to transfer data from your local PC to a research shared directory you can directly access the data from your local PC without using MFA, instead of transfering the files via the HPC.

For more info on how to do this see our Research Storage documentation .