This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
hpc:access_the_hpc_clusters [2024/02/12 16:35] Adrien Albert [SSH tunnel and socks proxy] |
hpc:access_the_hpc_clusters [2024/03/01 10:23] (current) Adrien Albert [SSH tunnel and socks proxy] |
||
---|---|---|---|
Line 63: | Line 63: | ||
=== ssh key === | === ssh key === | ||
If you want to authenticate to the cluster using your ssh key: | If you want to authenticate to the cluster using your ssh key: | ||
+ | |||
+ | |||
+ | <WRAP center round info 80%> | ||
+ | 1. For security mesure AuthorizedKeyFile has been disabled to prevent any non registered at unige to log In. \\ | ||
+ | 2. The SshPublicKey must be registered in Active Directory. (it's like the AuthorizedKeyFile is binded to your Unige identity ) \\ | ||
+ | 3. The UNIGE active directory synchronize the ssh key every 10/15 min. \\ | ||
+ | 4. More information on [[https:// | ||
+ | </ | ||
+ | |||
**1. Generate your ssh-key** (We strongly recommand create it with password/ | **1. Generate your ssh-key** (We strongly recommand create it with password/ | ||
Line 75: | Line 84: | ||
- | <note tip>The UNIGE active directory synchronize the ssh key every 10/15 min. More information on [[https:// | ||
Line 200: | Line 208: | ||
===== SSH tunnel and socks proxy ===== | ===== SSH tunnel and socks proxy ===== | ||
- | If you want running JupyterLab or VScodeServer you may be interested by [[https:// | + | If you want running JupyterLab or VScodeServer you may be interested by [[hpc:how_to_use_openondemand|OpenOnDemand]] |
- | The login* nodes have a firewall that prevent incomming connection other than ssh. | + | The **login** nodes have a firewall that prevent incomming connection other than ssh. |
If you need to access a service from the cluster, please follow the: | If you need to access a service from the cluster, please follow the: | ||
Line 211: | Line 219: | ||
- | 1. On your local machine, Save old ssh key and create a new one | + | **1.** On your local machine, Save old ssh key and create a new one |
< | < | ||
$ mkdir ~/.ssh/old | $ mkdir ~/.ssh/old | ||
Line 220: | Line 228: | ||
On the cluster, make sure you have not id_rsa key file (make a back up too) | On the cluster, make sure you have not id_rsa key file (make a back up too) | ||
- | 2. Copy the rsa.pub in [[https:// | + | **2.** Copy the rsa.pub in [[https:// |
the following command on login node should print your public ssh key registered in the AD: | the following command on login node should print your public ssh key registered in the AD: | ||
Line 226: | Line 234: | ||
ssh-rsa | ssh-rsa | ||
- | 3 On your local machine configure the proxyjump: | + | **3.** On your local machine configure the proxyjump: |
< | < | ||
[alberta@localhost ~]$ cat .ssh/ | [alberta@localhost ~]$ cat .ssh/ | ||
Line 263: | Line 271: | ||
</ | </ | ||
- | 4. copy your public in the authorized_key_file by running (Make sure to do it for all cluster): | ||
- | < | ||
- | [alberta@localhost .ssh]$ ssh-copy-id -f login2.baobab.hpc.unige.ch | ||
- | / | ||
- | |||
- | Number of key(s) added: 1 | ||
- | |||
- | Now try logging into the machine, with: " | ||
- | and check to make sure that only the key(s) you wanted were added. | ||
- | < | ||
- | |||
- | I check and my authorized key files on clusters contains my last key (and others) | ||
- | |||
- | 5. Alloc a test job and open a new tab on your local machine and try to connect on the allocated node: | ||
- | |||
- | :warning: Make sure your test is on Baobab cluster | ||
+ | **4.** Alloc a test job and open a new tab on your local machine and try to connect on the allocated node: | ||
- | On baobab: | + | **On baobab:** |
< | < | ||
(baobab)-[alberta@login2 ~]$ salloc --time=00: | (baobab)-[alberta@login2 ~]$ salloc --time=00: | ||
Line 292: | Line 285: | ||
</ | </ | ||
- | At the same time On your local machine: | + | At the same time On your local machine, connect to the compute with selecting the right ssh config file (For this example: Baobab): |
( My first test was on cpu026 this is the message a i got) | ( My first test was on cpu026 this is the message a i got) | ||
< | < | ||
- | [alberta@localhost .ssh]$ ssh cpu026 | + | [alberta@localhost .ssh]$ ssh -F .ssh/ |
The authenticity of host ' | The authenticity of host ' | ||
RSA key fingerprint is SHA256: | RSA key fingerprint is SHA256: | ||
Line 312: | Line 305: | ||
< | < | ||
- | [alberta@localhost ~]$ ssh cpu001 | + | [alberta@localhost ~]$ ssh -F .ssh/ |
Last login: Mon Oct 23 16:43:34 2023 | Last login: Mon Oct 23 16:43:34 2023 | ||
Installed: Thu Aug 17 14:28:26 CEST 2023 | Installed: Thu Aug 17 14:28:26 CEST 2023 |