set up ssh odyssey HPC

  1. request an account following here.

  2. Harvard odyssey HPC requires a two-factor security login. First set up the VPN following here

  3. Then read about OpenAuth here. One can download mobile apps such as Duo and google-Authenticator on your phone, but then each time you will need to type the password to the terminal. Or you can download the java program for desktop, if you have a FAS research computing account, you should be able to download it from the link FASRC send you. I downloaded a folder like mtang-openauth. The prefix will be your HPC account name.

cd mtang-openauth
No Java runtime present, requesting install.

You will have to install java first. My mac prompt a window for downloading, click More Info, it will bring you to a webpage for downloading.

After you install java, type ./, a little green box with the 6 digits verification code will show up in the upper-right corner of your screen.

Fire-up iterm2:


# it will prompt for password and then the verification code.
# type in the password for your account
# copy the 6-digits verification code and paste to your iterm window

This is kind of annoying if I have to do this everytime. It takes me ~2 seconds to type or copy/paste from the java desktop app, but what if I automate this. suppose I log into the HPC 10 times a day and 300 days per year. I save 2x10x300 = 6000 seconds, that’s 100 minutes a year :) The following may take me ~1 hour to set up, but I hope it can save you some time by following this.

generate ssh key for password-less login

Note, I have done this a couple of times, but I still need to google it everytime I set it up. I have told you googling is an essential skill for bioinformaticians :)

On your mac:

ssh-keygen -b 2048

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/mingtang/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/mingtang/.ssh/id_rsa.
Your public key has been saved in /Users/mingtang/.ssh/
The key fingerprint is:
SHA256:8LOJnp1rv5BZY9yoHVcrQarTnhW5Ih+eK8dA1+rxYao mingtang@huitadmins-MacBook-Pro.local
The key's randomart image is:
+---[RSA 2048]----+
|            .    |
|           o .   |
|      .   ..+ .  |
|       o.+.o.= . |
|       .S.@.* .  |
|       ..^oXo.   |
|      . B+B= .   |
|     . ooo=..    |
|      o.E*+.     |

tell ssh-agent about our key, we use ssh-add:


This creates a private key at ~/.ssh/id_rsa and a public key at ~/.ssh/

Now, ssh to odyssey HPC:

# type in the passowrd
# copy paste the 6-digit verification code in the green box
# you will be logged in your home directory
cd .ssh

append your public key file (, not your private key!) on your mac (open the file, copy it) to ~/.ssh/authorized_keys on the HPC.

I asked Aaron in the group and it turns out one can not skip the 2-factor system for password-less login on the login node.

OTP Token Paster for OS X

Follow here

  • Install Homebrew
/usr/bin/ruby -e "$(curl -fsSL"
brew install oath-toolkit
  • If it isn’t already present, enter secret=YOUR_BASE32_ENCODED_SECRET in ~/.JAuth.rc.
# I have Services folder in my mac
mkdir -p ~/Library/Services
git clone
cd os-x-otp-token-paster
mv 'Enter Current TOTP Token.workflow' ~/Library/Services
  • Open System Preferences -> Keyboard -> Keyboard Shortcuts -> Services -> Enter Current OTP Token (probably way down at the bottom).
  • Click ‘add shortcut’ and enter the key combination you want to use.I use control + shift + U
# type in password
# when prompt for verificartion code
# use the short-cut: control+shift+U 

ControlMaster for ssh

Please follow here to set it up.

with this, you only need to type in the password and verification code once. The subsequent logins will be password-less for the login node.

OpenSSH has an option called ControlMaster that enables the sharing of multiple sessions over a single network connection. This means that you can connect to Odyssey once, enter your password and Verification code, and have all other subsequent ssh sessions (including svn, rsync, etc. that run over ssh) piggy-back off the initial connection without need for re-authentication. You can specify such options each time on the command line, but it’s easiest if you put it in your ssh client configuration file so that it applies every time.

Mosh, a mobile shell

If your internet is not stable you may want to install mosh

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

After installing it, instead of doing


# do this

Even your internet is dropped or the VPN is disconnected, after you reconnect, you shell session will be alive without logging in. Pretty cool!

comments powered by Disqus