This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
hpc:access_the_hpc_clusters [2024/02/05 09:29] Adrien Albert [ssh key] |
hpc:access_the_hpc_clusters [2024/03/01 10:23] (current) Adrien Albert [SSH tunnel and socks proxy] |
||
---|---|---|---|
Line 63: | Line 63: | ||
=== ssh key === | === ssh key === | ||
If you want to authenticate to the cluster using your ssh key: | If you want to authenticate to the cluster using your ssh key: | ||
+ | |||
+ | |||
+ | <WRAP center round info 80%> | ||
+ | 1. For security mesure AuthorizedKeyFile has been disabled to prevent any non registered at unige to log In. \\ | ||
+ | 2. The SshPublicKey must be registered in Active Directory. (it's like the AuthorizedKeyFile is binded to your Unige identity ) \\ | ||
+ | 3. The UNIGE active directory synchronize the ssh key every 10/15 min. \\ | ||
+ | 4. More information on [[https:// | ||
+ | </ | ||
+ | |||
**1. Generate your ssh-key** (We strongly recommand create it with password/ | **1. Generate your ssh-key** (We strongly recommand create it with password/ | ||
Line 75: | Line 84: | ||
- | <note tip>The UNIGE active directory synchronize the ssh key every 10/15 min. More information on [[https:// | ||
Line 200: | Line 208: | ||
===== SSH tunnel and socks proxy ===== | ===== SSH tunnel and socks proxy ===== | ||
- | The login* nodes have a firewall that prevent incomming connection other than ssh. | + | If you want running JupyterLab or VScodeServer you may be interested by [[hpc: |
- | If you need to access a service from the cluster such as a jupyternotebook, | ||
- | [[https:// | ||
+ | |||
+ | |||
+ | The **login** nodes have a firewall that prevent incomming connection other than ssh. | ||
+ | |||
+ | If you need to access a service from the cluster, please follow the: | ||
+ | |||
+ | |||
+ | |||
+ | **1.** On your local machine, Save old ssh key and create a new one | ||
+ | < | ||
+ | $ mkdir ~/.ssh/old | ||
+ | $ mv ~/ | ||
+ | $ ssh-keygen | ||
+ | </ | ||
+ | |||
+ | On the cluster, make sure you have not id_rsa key file (make a back up too) | ||
+ | |||
+ | **2.** Copy the rsa.pub in [[https:// | ||
+ | the following command on login node should print your public ssh key registered in the AD: | ||
+ | |||
+ | (baobab)-[alberta@login2 ~]$ / | ||
+ | ssh-rsa | ||
+ | |||
+ | **3.** On your local machine configure the proxyjump: | ||
+ | < | ||
+ | [alberta@localhost ~]$ cat .ssh/ | ||
+ | |||
+ | host baobab | ||
+ | | ||
+ | User alberta | ||
+ | |||
+ | Host cpu* | ||
+ | | ||
+ | User alberta | ||
+ | | ||
+ | |||
+ | Host gpu* | ||
+ | | ||
+ | User alberta | ||
+ | | ||
+ | |||
+ | |||
+ | [alberta@localhost ~]$ cat .ssh/ | ||
+ | |||
+ | host yggdrasil | ||
+ | | ||
+ | User alberta | ||
+ | |||
+ | Host cpu* | ||
+ | | ||
+ | User alberta | ||
+ | | ||
+ | |||
+ | Host gpu* | ||
+ | | ||
+ | User alberta | ||
+ | | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | **4.** Alloc a test job and open a new tab on your local machine and try to connect on the allocated node: | ||
+ | |||
+ | **On baobab:** | ||
+ | < | ||
+ | (baobab)-[alberta@login2 ~]$ salloc --time=00: | ||
+ | salloc: Pending job allocation 5574654 | ||
+ | salloc: job 5574654 queued and waiting for resources | ||
+ | salloc: job 5574654 has been allocated resources | ||
+ | salloc: Granted job allocation 5574654 | ||
+ | salloc: Waiting for resource configuration | ||
+ | salloc: Nodes cpu001 are ready for job | ||
+ | </ | ||
+ | |||
+ | At the same time On your local machine, connect to the compute with selecting the right ssh config file (For this example: Baobab): | ||
+ | ( My first test was on cpu026 this is the message a i got) | ||
+ | |||
+ | |||
+ | < | ||
+ | [alberta@localhost .ssh]$ ssh -F .ssh/ | ||
+ | The authenticity of host ' | ||
+ | RSA key fingerprint is SHA256: | ||
+ | RSA key fingerprint is MD5: | ||
+ | Are you sure you want to continue connecting (yes/no)? yes | ||
+ | Warning: Permanently added ' | ||
+ | Last login: Tue Oct 24 10:49:29 2023 | ||
+ | Installed: Thu Aug 17 14:40:08 CEST 2023 | ||
+ | </ | ||
+ | |||
+ | |||
+ | But working on cpu001 as well: | ||
+ | |||
+ | |||
+ | < | ||
+ | [alberta@localhost ~]$ ssh -F .ssh/ | ||
+ | Last login: Mon Oct 23 16:43:34 2023 | ||
+ | Installed: Thu Aug 17 14:28:26 CEST 2023 | ||
+ | (baobab)-[alberta@cpu001 ~]$ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | More Information on HPC-community forum: | ||
+ | |||
+ | [[https:// | ||
+ | [[https:// | ||
+ | </ | ||
===== Troubleshooting ===== | ===== Troubleshooting ===== | ||