Differences

This shows you the differences between two versions of the page.

--- hpc:access_the_hpc_clusters [2025/04/23 11:08] – [External Account] Adrien Albert
+++ hpc:access_the_hpc_clusters [2025/07/10 14:42] (current) – [Outsider Account] Adrien Albert
@@ Line 13: / Line 13: @@
 <note important>
-Each HPC account in linked to a Primary Investigator (PI)/repondant or responsable (different terms but same purpose). A PI  is a member of the University of Geneva (Unige) who invites and takes responsibility for an user’s access to the HPC service. The PI(repondant) ensures that the access is justified, appropriate, and compliant with university policies.
+Each HPC account in linked to a Primary Investigator (PI)(=repondant = responsable (different terms but same purpose)). A PI  is a member of the University of Geneva (Unige) who invites and takes responsibility for an user’s access to the HPC service. The PI(repondant) ensures that the access is justified, appropriate, and compliant with university policies.
 </note>
@@ Line 27: / Line 27: @@
 ==== External Account ====
-An **external account** is intended for collaborators from other institutions who are working closely with Unige researchers. (if you only need an HPC access [[hpc:access_the_hpc_clusters#|Outsiders account]] is more appropriated)
+An **external account** is intended for collaborators from other institutions who are working closely with Unige researchers. (if you only need an HPC access [[hpc:access_the_hpc_clusters#outsider_account|Outsiders account]] is more appropriated)
 **How to request one:**
@@ Line 37: / Line 37: @@
 ==== Outsider Account ====
-An **Outsider** is a person external to Unige who has been invited by a **PI** (repondant or researcher) specifically to use the HPC service. This lightweight account is limited to HPC access and avoids standard administrative procedures. (24h waiting time to get an account)
+An **Outsider** is a person external to Unige who has been invited by a **PI** specifically to use the HPC service. This lightweight account is limited to HPC access and avoids standard administrative procedures. (24h waiting time to get an account)
 **Key details:**
-  - Authentication is done via the SSH key (only) provided during the invitation process
+  - Authentication is done via the SSH Public Key (only) provided during the invitation process  (Authentication with password is disabled)
   - SSH key can be updated at any time: [[https://applicant.unige.ch/main/outsider-info/update|Update your SSH key]]
   - SSH key updates are applied daily at 1:30 PM and 5:00 AM via the UNIGE Active Directory
@@ Line 52: / Line 52: @@
   -   The email address of the future Outsider
-  -   Selection of the appropriate service (*High-Performance Computing*)
+  -   Selection of the appropriate service (**High-Performance Computing**)
   -   Setting an expiration date (maximum 1 year)
   -   An optional note for the guest
@@ Line 58: / Line 58: @@
 Once invited, the future Outsider will receive an email with detailed instructions to finalize their registration.
-(*Tip: read it carefully!*)
+(**Tip: read it carefully!**)
 **To renew an expired Outsider account, a new invitation must be created.**
@@ Line 110: / Line 110: @@
 **Note**: Make sure you copy the public ssh key linked to the private key you're going to use. If you have regenerated your ssh key, you'll need to put your public key in [[https://my-account.unige.ch|my-account]] or [[https://applicant.unige.ch/main/outsider-info/update|applicant]]
+=== multiple ssh key ===
+It is possible to register multiple SSH public keys on the authentication server. However, [[https://my-account.unige.ch/|my-account.unige.ch]] does not allow this at the moment (work in progress). In the meantime, please send your request to the LDAP team directly at dl-distic-windows-team@unige.ch.
+<WRAP center round important 60%>
+After requesting an additional sshPublicKey, if you update it via my-account, all previous references will be overwritten.
+</WRAP>
@@ Line 265: / Line 273: @@
   (baobab)-[alberta@login1 ~]$ /usr/bin/sss_ssh_authorizedkeys $USER
   ssh-rsa  [...]
+Only for tunneling: Once the configured you MUST save this SSHpublicKey in your ssh_authorizedkeys on Cluster.
+  $ ssh-copy-id <ssh.pub> <users>@login1.<cluster>.hpc.unige.ch
 **3.** On your local machine configure the proxyjump:
@@ Line 342: / Line 354: @@
 (baobab)-[alberta@cpu001 ~]$
 </code>
+===== Alternative to using ProxyJump =====
+ProxyJump doesn't work with host based authentication, this is the reason why you need to use a ssh key in the previous setup. The reason is because ProxyJump doesn't open a real ssh session and thus the ssh-keysign isn't run when you connect. Instead of using ProxyJump, you can proceed as follow:
+<code>
+Host baobab
+    HostName login1.baobab.hpc.unige.ch
+    User <youruser>
+Host cpu*
+    HostName %h
+    User <youruser>
+    ProxyCommand ssh -tt baobab ssh %r@%h
+</code>
+Usage: ssh cpu001
 <note>
 More Information on HPC-community forum: