eResearch Doc

User Tools

Site Tools

You are here: start » hpc » access_the_hpc_clusters
hpc:access_the_hpc_clusters

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
hpc:access_the_hpc_clusters [2024/02/12 16:23]
Adrien Albert [SSH tunnel and socks proxy] 		hpc:access_the_hpc_clusters [2024/03/01 10:23] (current)
Adrien Albert [SSH tunnel and socks proxy]
Line 63: Line 63:
 === ssh key === === ssh key ===
 If you want to authenticate to the cluster using your ssh key: If you want to authenticate to the cluster using your ssh key:
 +
 +
 +<WRAP center round info 80%>
 +1. For security mesure AuthorizedKeyFile has been disabled to prevent any non registered at unige to log In. \\
 +2. The SshPublicKey must be registered in Active Directory. (it's like the AuthorizedKeyFile is binded to your Unige identity )  \\
 +3. The UNIGE active directory synchronize the ssh key every 10/15 min. \\
 +4. More information on [[https://hpc-community.unige.ch/t/authentication-modification-sshpublickey-managment/3011]]  
 +</WRAP>
 +
  
 **1. Generate your ssh-key** (We strongly recommand create it with password/passprhase for more security) by following this documentation (multiplatform): **1. Generate your ssh-key** (We strongly recommand create it with password/passprhase for more security) by following this documentation (multiplatform):
Line 75: Line 84:
  
  
-<note tip>The UNIGE active directory synchronize the ssh key every 10/15 min. More information on [[https://hpc-community.unige.ch/t/authentication-modification-sshpublickey-managment/3011]] </note> 
  
  
Line 200: Line 208:
  
 ===== SSH tunnel and socks proxy ===== ===== SSH tunnel and socks proxy =====
-The login* nodes have a firewall that prevent incomming connection other than ssh.+If you want running JupyterLab or VScodeServer you may be interested by  [[hpc:how_to_use_openondemand|OpenOnDemand]]
  
-If you need to access a service from the cluster such as a jupyternotebook, please follow the  
-[[https://hpc-community.unige.ch/t/tutorial-ssh-tunneling-and-socks-proxy/1795|tutorial we wrote here]]. 
  
  
-1.  On your local machine, Save old ssh key and create a new one+ 
 +The **login** nodes have a firewall that prevent incomming connection other than ssh. 
 + 
 +If you need to access a service from the cluster, please follow the: 
 + 
 + 
 + 
 +**1.** On your local machine, Save old ssh key and create a new one
 <code> <code>
 $ mkdir ~/.ssh/old $ mkdir ~/.ssh/old
Line 215: Line 228:
 On the cluster, make sure you have not id_rsa key file (make a back up too) On the cluster, make sure you have not id_rsa key file (make a back up too)
  
-2. Copy the rsa.pub in [[https://my-account.unige.ch/main/home]] (for Unige Account) [[https://applicant.unige.ch/]] (for Outsider Account) and wait for 5-10 min the synchronisation with AD is done.  +**2.** Copy the rsa.pub in [[https://my-account.unige.ch/main/home]] (for Unige Account) [[https://applicant.unige.ch/]] (for Outsider Account) and wait for 5-10 min the synchronisation with AD is done.  
-the following command on login node should print your public ssh key registered in the AD+the following command on login node should print your public ssh key registered in the AD:
-(baobab)-[alberta@login2 ~]$ /usr/bin/sss_ssh_authorizedkeys $USER +
-ssh-rsa  [...]+
  
-3 On your local machine configure the proxyjump:+  (baobab)-[alberta@login2 ~]$ /usr/bin/sss_ssh_authorizedkeys $USER 
 +  ssh-rsa  [...] 
 + 
 +**3.** On your local machine configure the proxyjump:
 <code> <code>
 [alberta@localhost ~]$ cat .ssh/config_baobab  [alberta@localhost ~]$ cat .ssh/config_baobab 
  
-host bao+host baobab
    HostName login2.baobab.hpc.unige.ch    HostName login2.baobab.hpc.unige.ch
    User alberta    User alberta
Line 231: Line 245:
    HostName %h    HostName %h
    User alberta    User alberta
-   ProxyJump bao+   ProxyJump baobab
  
 Host gpu* Host gpu*
    HostName %h    HostName %h
    User alberta    User alberta
-   ProxyJump bao+   ProxyJump baobab
  
  
Line 257: Line 271:
 </code> </code>
  
-4. copy your  public in the authorized_key_file by running (Make sure to do it for all cluster): 
-<code> 
-[alberta@localhost .ssh]$ ssh-copy-id -f login2.baobab.hpc.unige.ch 
-/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/alberta/.ssh/id_rsa.pub" 
- 
-Number of key(s) added: 1 
- 
-Now try logging into the machine, with:   "ssh 'login2.baobab.hpc.unige.ch'" 
-and check to make sure that only the key(s) you wanted were added. 
-<code> 
- 
-I check and my authorized key files on clusters contains my last key (and others) 
- 
-5. Alloc a test job and open a new tab on your local machine and try to connect on the allocated node:  
- 
-:warning: Make sure your test is on Baobab cluster 
  
 +**4.** Alloc a test job and open a new tab on your local machine and try to connect on the allocated node: 
  
-On baobab:+**On baobab:**
 <code> <code>
 (baobab)-[alberta@login2 ~]$ salloc --time=00:05:00 (baobab)-[alberta@login2 ~]$ salloc --time=00:05:00
Line 286: Line 285:
 </code> </code>
  
-At the same time On your local machine:+At the same time On your local machine, connect to the compute with selecting the right ssh config file (For this example: Baobab):
 ( My first test was on cpu026 this is the message a i got) ( My first test was on cpu026 this is the message a i got)
  
  
 <code> <code>
-[alberta@localhost .ssh]$ ssh cpu026+[alberta@localhost .ssh]$ ssh -F .ssh/config_baobab cpu026
 The authenticity of host 'cpu026 (<no hostip for proxy command>)' can't be established. The authenticity of host 'cpu026 (<no hostip for proxy command>)' can't be established.
 RSA key fingerprint is SHA256:tKqp4nljL+EGVKl8T0VF2nS36DkHVFMpLxQOPg/gKvg. RSA key fingerprint is SHA256:tKqp4nljL+EGVKl8T0VF2nS36DkHVFMpLxQOPg/gKvg.
Line 306: Line 305:
  
 <code> <code>
-[alberta@localhost ~]$ ssh cpu001+[alberta@localhost ~]$ ssh -F .ssh/config_baobab cpu001
 Last login: Mon Oct 23 16:43:34 2023 Last login: Mon Oct 23 16:43:34 2023
 Installed: Thu Aug 17 14:28:26 CEST 2023 Installed: Thu Aug 17 14:28:26 CEST 2023
 (baobab)-[alberta@cpu001 ~]$ (baobab)-[alberta@cpu001 ~]$
 </code> </code>
 +
 +<note>
 +More Information on HPC-community forum:
 +
 +[[https://hpc-community.unige.ch/t/tutorial-ssh-tunneling-and-socks-proxy/1795]]
 +[[https://hpc-community.unige.ch/t/proxyjump-ssh-not-working-on-baobab/3078/15]]
 +</note>
 ===== Troubleshooting ===== ===== Troubleshooting =====
  
hpc/access_the_hpc_clusters.1707751410.txt.gz · Last modified: 2024/02/12 16:23 by Adrien Albert

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution 4.0 International
CC Attribution 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki