eResearch Doc

User Tools

Site Tools

You are here: start » hpc » access_the_hpc_clusters
hpc:access_the_hpc_clusters

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
hpc:access_the_hpc_clusters [2023/09/04 14:31]
Adrien Albert [ssh key] 		hpc:access_the_hpc_clusters [2024/03/01 10:23] (current)
Adrien Albert [SSH tunnel and socks proxy]
Line 60: Line 60:
  
 You can access the clusters from anywhere through ''ssh'' with your [[https://catalogue-si.unige.ch/isis|ISIs]] account and password. You can access the clusters from anywhere through ''ssh'' with your [[https://catalogue-si.unige.ch/isis|ISIs]] account and password.
 +
 +=== ssh key ===
 +If you want to authenticate to the cluster using your ssh key:
 +
 +
 +<WRAP center round info 80%>
 +1. For security mesure AuthorizedKeyFile has been disabled to prevent any non registered at unige to log In. \\
 +2. The SshPublicKey must be registered in Active Directory. (it's like the AuthorizedKeyFile is binded to your Unige identity )  \\
 +3. The UNIGE active directory synchronize the ssh key every 10/15 min. \\
 +4. More information on [[https://hpc-community.unige.ch/t/authentication-modification-sshpublickey-managment/3011]]  
 +</WRAP>
 +
 +
 +**1. Generate your ssh-key** (We strongly recommand create it with password/passprhase for more security) by following this documentation (multiplatform):
 +[[https://helpdeskgeek.com/how-to/how-to-generate-ssh-keys-on-windows-mac-and-linux/]]
 +
 +
 +**2. Update your public** key to your Isis profile by uptdating "My SSH public key" on:
 +  * [[https://my-account.unige.ch|my-account]] for Unige/external users.
 +  * [[https://applicant.unige.ch/main/outsider-info/update|applicant]] for Outsider users.
 +
 +**Note**: Make sure you copy the public ssh key linked to the private key you're going to use. If you have regenerated your ssh key, you'll need to put your public key in [[https://my-account.unige.ch|my-account]] or [[https://applicant.unige.ch/main/outsider-info/update|applicant]]
 +
 +
  
  
Line 135: Line 159:
 Just type your password and press enter, everything will be fine. Just type your password and press enter, everything will be fine.
  
-=== ssh key === 
-If you want to authenticate to the cluster using your ssh key: 
- 
-**1. Generate your ssh-key** (We strongly recommand create i with password/passprhase for more security) by following this documentation provided by RedHat: 
-[[https://www.redhat.com/sysadmin/configure-ssh-keygen]] 
- 
- 
-**2. Update your public** key to your Isis profile by uptdating "My SSH public key" on [[https://my-account.unige.ch|my-account]].  
- 
-**Note**: Make sure you copy the public ssh key linked to the private key you're going to use. If you have regenerated your ssh key, you'll need to put your public key in [[https://my-account.unige.ch|my-account]] 
- 
- 
-<note tip>The UNIGE active directory synchronize itself with this application everyday at 1:30PM and 5:00AM. Your ssh key will be updated at these times. </note> 
  
  
Line 197: Line 208:
  
 ===== SSH tunnel and socks proxy ===== ===== SSH tunnel and socks proxy =====
-The login* nodes have a firewall that prevent incomming connection other than ssh.+If you want running JupyterLab or VScodeServer you may be interested by  [[hpc:how_to_use_openondemand|OpenOnDemand]]
  
-If you need to access a service from the cluster such as a jupyternotebook, please follow the  
-[[https://hpc-community.unige.ch/t/tutorial-ssh-tunneling-and-socks-proxy/1795|tutorial we wrote here]]. 
  
 +
 +
 +The **login** nodes have a firewall that prevent incomming connection other than ssh.
 +
 +If you need to access a service from the cluster, please follow the:
 +
 +
 +
 +**1.** On your local machine, Save old ssh key and create a new one
 +<code>
 +$ mkdir ~/.ssh/old
 +$ mv ~/.ssh/ ~/.ssh/old
 +$ ssh-keygen
 +</code>
 +
 +On the cluster, make sure you have not id_rsa key file (make a back up too)
 +
 +**2.** Copy the rsa.pub in [[https://my-account.unige.ch/main/home]] (for Unige Account) [[https://applicant.unige.ch/]] (for Outsider Account) and wait for 5-10 min the synchronisation with AD is done. 
 +the following command on login node should print your public ssh key registered in the AD:
 +
 +  (baobab)-[alberta@login2 ~]$ /usr/bin/sss_ssh_authorizedkeys $USER
 +  ssh-rsa  [...]
 +
 +**3.** On your local machine configure the proxyjump:
 +<code>
 +[alberta@localhost ~]$ cat .ssh/config_baobab 
 +
 +host baobab
 +   HostName login2.baobab.hpc.unige.ch
 +   User alberta
 +
 +Host cpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump baobab
 +
 +Host gpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump baobab
 +
 +
 +[alberta@localhost ~]$ cat .ssh/config_yggdrasil 
 +
 +host yggdrasil
 +   HostName login1.yggdrasil.hpc.unige.ch
 +   User alberta
 +   
 +Host cpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump yggdrasil
 +
 +Host gpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump yggdrasil
 +
 +</code>
 +
 +
 +**4.** Alloc a test job and open a new tab on your local machine and try to connect on the allocated node: 
 +
 +**On baobab:**
 +<code>
 +(baobab)-[alberta@login2 ~]$ salloc --time=00:05:00
 +salloc: Pending job allocation 5574654
 +salloc: job 5574654 queued and waiting for resources
 +salloc: job 5574654 has been allocated resources
 +salloc: Granted job allocation 5574654
 +salloc: Waiting for resource configuration
 +salloc: Nodes cpu001 are ready for job
 +</code>
 +
 +At the same time On your local machine, connect to the compute with selecting the right ssh config file (For this example: Baobab):
 +( My first test was on cpu026 this is the message a i got)
 +
 +
 +<code>
 +[alberta@localhost .ssh]$ ssh -F .ssh/config_baobab cpu026
 +The authenticity of host 'cpu026 (<no hostip for proxy command>)' can't be established.
 +RSA key fingerprint is SHA256:tKqp4nljL+EGVKl8T0VF2nS36DkHVFMpLxQOPg/gKvg.
 +RSA key fingerprint is MD5:8f:75:c4:18:8a:75:f1:f1:19:4d:85:92:3b:b6:2a:e1.
 +Are you sure you want to continue connecting (yes/no)? yes
 +Warning: Permanently added 'cpu026' (RSA) to the list of known hosts.
 +Last login: Tue Oct 24 10:49:29 2023
 +Installed: Thu Aug 17 14:40:08 CEST 2023
 +</code>
 +
 +
 +But working on cpu001 as well:
 +
 +
 +<code>
 +[alberta@localhost ~]$ ssh -F .ssh/config_baobab cpu001
 +Last login: Mon Oct 23 16:43:34 2023
 +Installed: Thu Aug 17 14:28:26 CEST 2023
 +(baobab)-[alberta@cpu001 ~]$
 +</code>
 +
 +<note>
 +More Information on HPC-community forum:
 +
 +[[https://hpc-community.unige.ch/t/tutorial-ssh-tunneling-and-socks-proxy/1795]]
 +[[https://hpc-community.unige.ch/t/proxyjump-ssh-not-working-on-baobab/3078/15]]
 +</note>
 ===== Troubleshooting ===== ===== Troubleshooting =====
  
hpc/access_the_hpc_clusters.1693830689.txt.gz · Last modified: 2023/09/04 14:31 by Adrien Albert

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
CC Attribution 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki