a. Login and Authentication

My login is slow or my batch commands are slow

Nine times out of ten, slowness at login, starting file transfers, failed SFTP sessions, or slow batch command starts is caused by un-needed module loads in your .bashrc

We do not recommend putting multiple module loads in your .bashrc as each and every new shell you or your jobs create will call those module loads. It is recommended that you put your module loads in your job scripts so that you are not loading un-needed modules and waiting on those module calls to complete before commencing the job. Alternately, you can create a login script or alias containing your frequently used modules that you can run when you need to use them.

Either way, try to keep any module loads in your .bashrc down to a bare minimum, calling only those modules that you absolutely need in each and every login or job.

Additionally, as time goes on modules change or are removed. Please ensure you remove any deprecated modules from your .bashrc or other scripts. For example, the legacy modules no longer exist. So if you have a call to module load legacy and any of the legacy modules, or if you have source new-modules.sh your login will be delayed as the module system searches for and then times out on those non-existent modules.


My alternate shell (csh, tcsh, etc.) doesn’t work right

Having a non-standard default shell will cause problems and does not allow us to set global environmental defaults for everyone. As 2019 we will no longer change the default shell on any account or support the use of alternate shells as default login shell.

Users who do not have bash as their default login shell will need to change back to bash. Users can, of course, still launch an alternate shell once logged in.


SSH key error, DNS spoofing message

Whenever nodes are updated (for instance, the May 2018 upgrade to CentOS 7), if there is a significant change to them then the SSH key fingerprint is likely to change. As you've already stored the fingerprint locally, you will receive a key mismatch error like "WARNING: POSSIBLE DNS SPOOFING DETECTED!" and "The RSA host key for login.rc.fas.harvard.edu has changed". 


To fix this, you will need to remove the key in question from your computer's local known_hosts file. If you are on a Mac or Linux, you can use the following command from a terminal window on your computer.

ssh-keygen -R login.rc.fas.harvard.edu

If the error was for a specific node, replace 'login.rc.fas.harvard.edu' with the full name of that host.

You can now log into the node and will receive an all new request to store the new SSH key.

The example in the screenshot above assumes that your username on your local machine (jharvard, in this case) matches your cluster account username. If this is not the case, you will have to login with your username, explicitly, such as: ssh jharvard@login.rc.fas.harvard.edu

Please note that there are several nodes behind the 'login.rc.fas.harvard.edu' hostname, so you may receive more errors like the above. Answering yes will allow you to continue.

Alternately, if you primarily only interact with the cluster, you may find it easiest to simply remove the known_hosts file and let it be created from scratch at next login. Mac and Linux users can do so from a terminal on their computer with the following command:

rm ~/.ssh/known_hosts



PuTTY may prompt you to update the key in place, or it may require updating a registry entry to correct this. If the latter, you will need to remove the known_hosts from the registry:

  1. Open ‘regedit.exe’ by doing a search  or by pressing the "Windows Key + R" and type "regedit" and hitting enter or try opening C:\Windows\System32\regedt32.exe
  2. Find HKEY_CURRENT_USER\Software\[your username here]\PuTTY\SshHostKeys
  3. Remove all keys or find and delete the individual key you need to remove
  4. Restart your computer, changes won't take effect until after a restart.


SFTP exits after a few seconds

When connecting via a SFTP client like Filezilla, if you experience a short delay and then disconnection, this is most likely an issue caused by your .bashrc 

During SFTP connections, your .bashrc will be evaluated just as if you were logging in via SSH. If you've added anything to your .bashrc that attempts to echo to the terminal/standard out, this will cause your SFTP client to hang and then disconnect.

You can either remove the statement in your .bashrc that is writing output (an echo statement, a call to an app or module that sends a message to standard out, etc.) -or- you can put the offending statement into an evaluation clause that first checks to see if this is a interactive login, like so:

if [ “$SSH_TTY” ]
     echo “SFTP connections won’t evaluate the things inside this clause."
     echo "Only real login sessions will.”


Can I use SSH keys to log in without a password?

No. Our cluster login relies on two-factor authentication. This makes using key-based authentication impractical.



How do I get a Research Computing account?

Before You Sign Up

If you are unsure whether you qualify for an RC account, please see Qualifications and Affiliations. More information on using the signup tool can be found here.

Please Note: You may have only one RC account. If you need to add cluster access or membership in a different/additional lab group, please submit a help ticket. Please do not sign up for a second account. This is unnecessary and against our account policies.

The Process

To request an account to access resources operated by Research Computing. (Cluster, Storage, Software Downloads, Workstation access, Instrument sign-up, etc.), please proceed to the

Account Request Tool

PLEASE NOTE: Do not select FACULTY as your job type is you do not have a faculty appointment. If you are a researcher with additional rights (fellowship, PI-like rights, funding, etc.), please select STAFF or POSTDOC. Faculty accounts are intended only for those holding an active Associate Professor or higher appointment.

Once you've submitted the request, the process is:

If You Selected: Internal/Using Harvard Key to verify your information and qualifications:

  1. The request is on hold while the PI is asked to approve or reject it.
  2. Once approved, the account is finalized and set up.
  3. Once finalized, you receive an automated email confirmation with your new account information and instructions for setting the password.

If You Selected: External/Not using Harvard Key to verify your information and qualifications:

  1. The request goes to RC personnel to check that it is complete and meets affiliation requirements.
  2. Once approved by RC, an email is sent to your PI to approve/reject the request.
  3. The request is on hold while the PI is asked to approve or reject it.
  4. Once approved, we finalize the account on our side (during business hours).
  5. Once finalized, you receive an automated email confirmation with your new account information and instructions for setting the password..

You can then proceed to set up your OpenAuth token and get connected to the cluster. The turnaround time is directly related to the PI/Sponsor's approval of the account. External accounts are reviewed by RC staff during business hours and generally vetted and sent on to the PI/Sponsor for approval within one business day

NOTE! If you request "Cluster Use" (the ability to run jobs on the cluster), you are required to complete the online Introduction to the Cluster course within 45 days of your account being issued.


Can I share an account? – Account Security Policies

The sharing of passwords or login credentials is not allowed under RC and Harvard information security policies. Please bear in mind that this policy also protects the end-user. Sharing credentials removes plausible deniability for the account holder in case of account misuse. Accounts which are in violation of this policy may be disabled or otherwise limited.

If you find that you need to share resources among multiple individuals, please contact us and we will be happy to assist you with finding a safe and secure way to do so.


How do I login to the FASRC cluster?

Step 1: Launch the OpenAuth application. For instructions on how to install and launch OpenAuth please see here.

Step 2: Launch a Terminal application.

Step 3: Using your Terminal application, connect through login.rc.fas.harvard.edu using ssh. If you are running Linux or Mac OSX it is as simple as running: ssh USERNAME@login.rc.fas.harvard.edu

USERNAME is the name you were assigned when you received your Research Computing account. (Add -CY if you have an X11 server installed and desire graphics support.) If you are on Windows, download PuTTY or your favorite ssh software and connect to login.rc.fas.harvard.edu.

You will be asked for your Research Computing password and OpenAuth Verification Code upon connecting. The hostname login.rc.fas.harvard.edu is a round-robin to some of our hosts named either boslogin##.rc.fas.harvard.edu or holylogin##.rc.fas.harvard.edu, so that is what you will see in your shell prompt once connected.

Note: In certain instances you will need to be logged on to the Research Computing VPN to access the cluster. Please see the VPN setup page for instructions on how to logon to the Research Computing VPN.

For more details on access to the FASRC cluster see the Access and Login page.


How do I reset my Research Computing account password?

Please click here to reset your Research Computing account password using your email address.

This will send an email to you with a one-time use link to set a new password.

Please note: Your username is not your email address. Your email address is used here only for password resets and to contact you.


How do I unlock my locked Research Computing account?

Once your account is locked, your account will automatically unlock after ~ 5 - 10 minutes.


How do I install and launch OpenAuth?

If you do not yet have an account, see: How do I get a Research Computing account?

Setting Up Your OpenAuth Token

  1. Visit https://software.rc.fas.harvard.edu/oa to start setup of OpenAuth.
  2. A login box will appear. Log in with your FAS RC username and password (your username is not your email address or Harvard Key, it is the short username you initially set up when requesting an account. Example: jsmith )
  3. After logging in, allow a few seconds as the site generates your token.
  4. A page will be displayed outlining next steps
  5. Await an email. This email will contain a link to your personalized token. You can download the Java applet or use the QR code on that page to add your RC token in Google Authenticator or Duo Mobile

Since the site uses email verification to authenticate you, you must also have a valid account and email address on record with Research Computing. All OpenAuth tokens are software-based, and you will choose whether to use a smart phone or java desktop app to generate your verification codes. Java 1.6 or higher is required for the desktop app.

You will need to use OpenAuth when accessing the Research Computing VPN and logging into the FAS RC cluster.



Billing FAQ