How can I log into the machines at the MPCDF?

The compute resources at the MPCDF run Linux, and login is only possible via SSH in combination with two-factor authentication (see below). Any modern operating system (Linux, MacOS, Windows 10) provides an SSH client which is typically invoked via the ssh command from a terminal. To access a system at the MPCDF from the public Internet it is necessary to log into one of the gateway machines first, and then log from the gateway system into the target system.

What are the gateway machines for SSH login?

The following gateway machines are available and accept SSH connections from the Internet:



Both machines provide a very small local home directory only. From these machines direct logins to HPC systems and clusters are allowed.

Both gateway systems are rebooted weekly - gate1 each Tuesday, 3:45am, and gate2 each Saturday, 3:45am, German local time. User sessions are not persistent across reboots.

More details, including host key fingerprints, are available in the documentation of the gateway machines.

Two-factor authentication (2FA)

Two-factor authentication (2FA) is mandatory. Please find the 2FA-related part of the FAQ here.

Are SSH keys supported?

Logins with SSH keys are not supported, neither on the gateway machines nor on the HPC systems or clusters. To make repeated logins more convenient, in particular with 2FA, use a ControlMaster setup.

Can ssh/scp/sftp performance be improved?

In order to improve single stream ssh/scp/sftp performance, it is recommended to pass the option -c aes128-ctr to your ssh/scp/sftp session.

I get a SSH security warning about a host key change when trying to log in. What does this mean and what should I do?

The current host keys for the gateway machines are documented above. In case of host key changes for existing systems which may occur after maintenance works, the new host keys are communicated via email or via this documentation page. If unsure, submit a ticket to the MPCDF helpdesk.

How can I run applications with graphical user interfaces on MPCDF systems?

Applications with X11-GUIs can be run on the login nodes of the HPC clusters or on dedicated resources. Depending on the requirements the following options are available.

X11 forwarding

Forwarding of X11 displays to a local computer is possible using SSH. From your local system, connect to the MPCDF system with

ssh -C -Y hostname

The flag -C enables compression which typically improves the performance for GUI applications. While Linux clients mostly have a local X server running, Mac and Windows clients need to install an X server, e.g., XQuartz, Xming, Cygwin/X.

For complex GUIs, the performance of X forwarding is often not sufficient, and VNC is recommended instead.


Users can manually start a VNC server on the login nodes of the HPC systems and clusters to run GUI applications without the need for X11 forwarding. That VNC server is persistent until the next reboot of the machine. More conveniently and on dedicated resources but with a time limitation, the web-based remote visualization service allows to launch and use VNC sessions (available on a subset of the HPC systems).

Remote Visualization Service

To enable hardware-accelerated OpenGL rendering, the web-based remote visualization service allows to use the GPUs of some nodes of a subset of the HPC systems for remote visualization.