Passer au contenu principal

SSH connection to DCSR cluster

This page presents how to connect to DCSR cluster depending on your operating system.

Linux

SSH is always installed by most commons Linux distributions, so no extra package should be installed.

Connection with a password

To connect using a password, just run the following command:

ssh username@curnagl.dcsr.unil.ch

Of course, replace username in the command line with your UNIL login, and use your UNIL password.

Note: The first time you try to connect to an unknown remote computer via SSH, you will have to acknowledge the identity of the remote by typing "yes". Do not do this on insecure networks like free WIFI hotspots.

Connection with a key

To connect with a key, you first have to generate the pair of keys on your laptop.

By default, it suggests you to create the private key to ~/.ssh/id_ed25519 and the public key to to ~/.ssh/id_ed25519.pub. You can hit "Enter" when the question is asked if you don't use any other key. Otherwise, you can choose another path, for instance: ~/.ssh/id_dcsr_cluster like in the example above.

Then, you have to enter a passphrase (twice). This is optional but you are strongly encouraged to choose a strong passphrase.

This can be done as follows:

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/ejeanvoi/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ejeanvoi/.ssh/id_dcsr_cluster
Your public key has been saved in /home/ejeanvoi/.ssh/id_dcsr_cluster.pub
The key fingerprint is:
SHA256:8349RPk/2AuwzazGul4ki8xQbwjGj+d7AiU3O7JY064 ejeanvoi@archvm
The key's randomart image is:
+--[ED25519 256]--+
|                 |
|    .            |
|     + .       . |
|    ..=+o     o  |
|     o=+S+ o . . |
|     =*+oo+ * . .|
|    o *=..oo Bo .|
|   . . o.o.oo.+o.|
|     E..++=o   oo|
+----[SHA256]-----+

Once the key is created, you have to copy the public to the cluster. This can be done as follows:

[ejeanvoi@archvm ~]$ ssh-copy-id -i /home/ejeanvoi/.ssh/id_dcsr_cluster.pub ejeanvoi@curnagl.dcsr.unil.ch
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ejeanvoi/.ssh/id_dcsr_cluster.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ejeanvoi@curnagl.dcsr.unil.ch's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ejeanvoi@curnagl.dcsr.unil.ch'"
and check to make sure that only the key(s) you wanted were added.

Thanks to -i option, you can specify the path to the private key, here we use /home/ejeanvoi/.ssh/id_dcsr_cluster.pub to comply with the beginning of the example. You are asked to enter you UNIL password to access the cluster, and behind the scene, the public key will be automatically copied to the cluster.

Finally, you can connect to the cluster using you key, and that time, you will be asked to enter the passphrase of the key (and not the UNIL password):

[ejeanvoi@archvm ~]$ ssh -i /home/ejeanvoi/.ssh/id_dcsr_cluster ejeanvoi@curnagl.dcsr.unil.ch
Enter passphrase for key '.ssh/id_dcsr_cluster':
Last login: Fri Nov 26 10:25:05 2021 from 130.223.6.87
[ejeanvoi@login ~]$

Remote graphical interface

To visualize a graphical application running from the cluster, you have to connect using -X option:

ssh -X username@curnagl.dcsr.unil.ch

macOS

Like Linux, SSH has a native support in macOS, so nothing special has to be installed, excepted for the graphical part.

Connection with a password

This is similar to the Linux version described above.

Connection with a key

This is similar to the Linux version described above.

Remote graphical interface

To enable graphical visualization over SSH, you have to install an X server. Most common one is XQuartz, it can be installed like any other .dmg application.

Then, you have to add the following line at the beginning of the ~/.ssh/config file (if the file doesn't exist, you can create it):

XAuthLocation /opt/X11/bin/xauth

Finally, just add -X flag to the ssh command and run your graphical applications:

image-1637921404046.png

Windows

To access the DCSR clusters from a Windows host, you have to use an SSH client.

Several options are available:

We present here only MobaXterm (since it's a great tool that also allows to transfer files with a GUI) and the PowerShell options. For both options, we'll see how to connect through SSH with a password and with a key.

MobaXterm

Connection with a password

After opening MobaXterm, you have to create a new session:

image-1637855599086.png

Then you have to configure the connection:

image-1637855844680.png

Then you can choose to save or not your password in MobaXterm:

image-1637855958519.png

Finally, you are connected to Curnagl:

image-1637855982735.png

You can see, on the left panel, a file browser. This represents your files on the cluster and it can be used to edit small text files, or to download/upload files to/from your laptop.

Connection with a key

First you have to create a key:

image-1637856210025.png

A new windows is opened, there you can choose the kind of key (Ed25519 is a good choice):

image-1637856320671.png

While the key generation, you have to move the mouse over the window to create entropy:

image-1637856429206.png

When the key is generated, copy the public key into a text document:

image-1637858153947.png

Then, choose a passphrase (very important to protect your private key), and save the private key in your computer:

image-1637858382625.png

Once the private key is saved, you can create a new SSH session that uses a private key:

image-1637858608767.png

The first time you will connect, you will be prompted to enter the password of your UNIL account:

image-1637858679413.png

Once connected to the cluster, put the content of you public key at the end of a file called ~/.ssh/authorized_keys. This can be done using that command:

echo "PUBLIC_KEY" >> ~/.ssh/authorized_keys

(of course replace PUBLIC_KEY in the previous command with the value of you public key pasted in a text file)

image-1637858969167.png

And the next time you will connect, you will be prompted to enter the SSH key passphrase, and not the UNIL account password:

image-1637859097534.png

Remote graphical interface

With MobaXterm, it's very easy to use a remote graphical interface. You just have to pay attention to check the "X11-Forwarding" option when you create the session (it should be checked by default):

image-1637928096473.png

And then, once connected, you can run any graphical application:

image-1637930839430.png

SSH from PowerShell

Connection with a password

First, you have to run Windows PowerShell:

image-1637859384206.png

Once the terminal is here, you can just run the following command, add Curnagl to the list of known hosts, and enter your password (UNIL account):

ssh username@curnagl.dcsr.unil.ch

image-1637859622117.png

Connection with a key

First you have to open Windows Powershell:

image-1637860320009.png

Then you have to generate the key with the following command:

ssh-keygen -t ed25519

You can accept the default name for the key (just hit Enter), and then you have to choose a passphrase:

image-1637860426985.png

Then you have to print the content of the public key, to connect on Curnagl using the password method (with UNIL password, and to execute the following command:

echo "PUBLIC_KEY" >> ~/.ssh/authorized_keys

(of course replace PUBLIC_KEY in the previous command with the value of you public key pasted from the terminal)

Once this is done, you can exit the session, and connect again. This time the passphrase of the SSH key will be asked instead of your UNIL account password:

image-1637860990146.png