You must have requested and received a login in order to access the service. To do this, please see our obtaining an account documentation. If after this you still cannot log in, please open a ticket at the service desk and provide us your grant number or your login.
Accessing the service securely
After you have an account, make sure you have the appropriate tools for access. The only way to access SURF's HPC systems is by using SSH, SCP or SFTP, which use an encrypted and secured connection.
The Data Archive is a Unix-based system and requires you to login to the login node with your username and password. The system also allows key-based authentication.
A more in-depth introduction and explanation can be found on this SSH usage page, which also describes the respective Unix, Windows and Mac tools which can be used for encrypted and secured connections.
Checking if you have access as a Snellius user
Users of the compute infrastructure, that (additionally) have access to the Data Archive service, have their own directory on the archive file system visible from the compute infrastructure. A user can access his/her archive directory via:
cd /archive/<login>
Checking if you have access as an archive-only user
If a user has only access to the archive but no other parts of the compute infrastructure, they can log in directory to the archive. Log in can be done using a terminal or tool supporting SFTP or SSH connections.
In your terminal, try to ssh into the archive with:
ssh <login>@archive.surfsara.nl
- You will be prompted to enter your passphrase associated with your private key pair.
- If you logged in correctly, you will find yourself located in your login’s home directory:
/archive/<login>/
Possibly the SSH application notifies you about the authenticity of a newly connected host. Before you type "yes", please verify the following:
- the host is
archive.surfsara.nl; - the IP is in the range
145.xx.xx; - the fingerprint is
SHA256:v5Lzrm5O/dyeus5XDOjGBQCUyn1HSl9J7ZB2PNVYNsM.
Connection info
For connecting to the Data Archive any of the following protocols can be used:
| Protocol | Full name | Node | Port | Transfer ports | Authentication encryption | Transfer encryption |
|---|---|---|---|---|---|---|
| SSH | Secure Shell | archive.surfsara.nl | 22 | 22 | Yes | Yes |
| (HPN-)SSH | High Performance Networking SSH | archive.surfsara.nl | 2222 | 2222 | Yes | Depends, cipher can be disabled |
| SFTP | SSH File Transfer Protocol | archive.surfsara.nl | 22 | 22 | Yes | Yes |
| rsync | Rsync | archive.surfsara.nl | 2222 | 2222 | Yes | Yes |
| FTP(E)S | File Transfer Protocol (Explicit) Secure | archive2.surfsara.nl | 990 | 990 | Yes | Implicit: yes Explicit: depends |
| GridFTP | Grid File Transfer Protocol | archive3.surfsara.nl | 2811 | range | Yes | Yes |
We recommend connecting to the archive from your own laptop or computing environment. But if this is not possible we also offer some limited options for connecting from the archive to other environments:
| Tool | Version |
|---|---|
| wget | 1.14 |
| curl | 8.0.1 |
| ssh/scp/sftp | OpenSSH_7.2p2, OpenSSL 1.0.2p-fips
|
| rsync | 3.1.3
|
| aws cli | 2.13.13 |
If you're stuck and need help, please open a ticket in our service desk with all of your command line output.
Failure to login
If you make 3 unsuccessful attempts to login, our system will ban your IP address for 10 minutes. If you continue to make failed attempts, the ban time will double with each successive failure (i.e. 10 min, 20 min, 40 min, 80 min, etc). This is done to keep your data safe by preventing malicious hackers from brute force guessing your password. If you have forgotten your password, you can follow the steps here to reset it.
Sharing IP addresses
Many institutions use Network Address Translation (NAT), which places the system or institution behind a single IP address. This means that a ban instigated by a single user can affect the whole institution. We strongly recommend that if you or someone at your NAT using institution has initiated a ban, that you double check your login credentials before attempting to login again or simply resetting your password to prevent the ban time being lengthened.