eResearch Doc

User Tools

Site Tools

You are here: start » hpc » access_the_hpc_clusters
hpc:access_the_hpc_clusters

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
hpc:access_the_hpc_clusters [2024/02/05 09:29]
Adrien Albert [ssh key] 		hpc:access_the_hpc_clusters [2024/03/01 10:23] (current)
Adrien Albert [SSH tunnel and socks proxy]
Line 63: Line 63:
 === ssh key === === ssh key ===
 If you want to authenticate to the cluster using your ssh key: If you want to authenticate to the cluster using your ssh key:
 +
 +
 +<WRAP center round info 80%>
 +1. For security mesure AuthorizedKeyFile has been disabled to prevent any non registered at unige to log In. \\
 +2. The SshPublicKey must be registered in Active Directory. (it's like the AuthorizedKeyFile is binded to your Unige identity )  \\
 +3. The UNIGE active directory synchronize the ssh key every 10/15 min. \\
 +4. More information on [[https://hpc-community.unige.ch/t/authentication-modification-sshpublickey-managment/3011]]  
 +</WRAP>
 +
  
 **1. Generate your ssh-key** (We strongly recommand create it with password/passprhase for more security) by following this documentation (multiplatform): **1. Generate your ssh-key** (We strongly recommand create it with password/passprhase for more security) by following this documentation (multiplatform):
Line 75: Line 84:
  
  
-<note tip>The UNIGE active directory synchronize the ssh key every 10/15 min. More information on [[https://hpc-community.unige.ch/t/authentication-modification-sshpublickey-managment/3011]] </note> 
  
  
Line 200: Line 208:
  
 ===== SSH tunnel and socks proxy ===== ===== SSH tunnel and socks proxy =====
-The login* nodes have a firewall that prevent incomming connection other than ssh.+If you want running JupyterLab or VScodeServer you may be interested by  [[hpc:how_to_use_openondemand|OpenOnDemand]]
  
-If you need to access a service from the cluster such as a jupyternotebook, please follow the  
-[[https://hpc-community.unige.ch/t/tutorial-ssh-tunneling-and-socks-proxy/1795|tutorial we wrote here]]. 
  
 +
 +
 +The **login** nodes have a firewall that prevent incomming connection other than ssh.
 +
 +If you need to access a service from the cluster, please follow the:
 +
 +
 +
 +**1.** On your local machine, Save old ssh key and create a new one
 +<code>
 +$ mkdir ~/.ssh/old
 +$ mv ~/.ssh/ ~/.ssh/old
 +$ ssh-keygen
 +</code>
 +
 +On the cluster, make sure you have not id_rsa key file (make a back up too)
 +
 +**2.** Copy the rsa.pub in [[https://my-account.unige.ch/main/home]] (for Unige Account) [[https://applicant.unige.ch/]] (for Outsider Account) and wait for 5-10 min the synchronisation with AD is done. 
 +the following command on login node should print your public ssh key registered in the AD:
 +
 +  (baobab)-[alberta@login2 ~]$ /usr/bin/sss_ssh_authorizedkeys $USER
 +  ssh-rsa  [...]
 +
 +**3.** On your local machine configure the proxyjump:
 +<code>
 +[alberta@localhost ~]$ cat .ssh/config_baobab 
 +
 +host baobab
 +   HostName login2.baobab.hpc.unige.ch
 +   User alberta
 +
 +Host cpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump baobab
 +
 +Host gpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump baobab
 +
 +
 +[alberta@localhost ~]$ cat .ssh/config_yggdrasil 
 +
 +host yggdrasil
 +   HostName login1.yggdrasil.hpc.unige.ch
 +   User alberta
 +   
 +Host cpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump yggdrasil
 +
 +Host gpu*
 +   HostName %h
 +   User alberta
 +   ProxyJump yggdrasil
 +
 +</code>
 +
 +
 +**4.** Alloc a test job and open a new tab on your local machine and try to connect on the allocated node: 
 +
 +**On baobab:**
 +<code>
 +(baobab)-[alberta@login2 ~]$ salloc --time=00:05:00
 +salloc: Pending job allocation 5574654
 +salloc: job 5574654 queued and waiting for resources
 +salloc: job 5574654 has been allocated resources
 +salloc: Granted job allocation 5574654
 +salloc: Waiting for resource configuration
 +salloc: Nodes cpu001 are ready for job
 +</code>
 +
 +At the same time On your local machine, connect to the compute with selecting the right ssh config file (For this example: Baobab):
 +( My first test was on cpu026 this is the message a i got)
 +
 +
 +<code>
 +[alberta@localhost .ssh]$ ssh -F .ssh/config_baobab cpu026
 +The authenticity of host 'cpu026 (<no hostip for proxy command>)' can't be established.
 +RSA key fingerprint is SHA256:tKqp4nljL+EGVKl8T0VF2nS36DkHVFMpLxQOPg/gKvg.
 +RSA key fingerprint is MD5:8f:75:c4:18:8a:75:f1:f1:19:4d:85:92:3b:b6:2a:e1.
 +Are you sure you want to continue connecting (yes/no)? yes
 +Warning: Permanently added 'cpu026' (RSA) to the list of known hosts.
 +Last login: Tue Oct 24 10:49:29 2023
 +Installed: Thu Aug 17 14:40:08 CEST 2023
 +</code>
 +
 +
 +But working on cpu001 as well:
 +
 +
 +<code>
 +[alberta@localhost ~]$ ssh -F .ssh/config_baobab cpu001
 +Last login: Mon Oct 23 16:43:34 2023
 +Installed: Thu Aug 17 14:28:26 CEST 2023
 +(baobab)-[alberta@cpu001 ~]$
 +</code>
 +
 +<note>
 +More Information on HPC-community forum:
 +
 +[[https://hpc-community.unige.ch/t/tutorial-ssh-tunneling-and-socks-proxy/1795]]
 +[[https://hpc-community.unige.ch/t/proxyjump-ssh-not-working-on-baobab/3078/15]]
 +</note>
 ===== Troubleshooting ===== ===== Troubleshooting =====
  
hpc/access_the_hpc_clusters.1707121757.txt.gz · Last modified: 2024/02/05 09:29 by Adrien Albert

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
CC Attribution 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki