Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
en:services:application_services:high_performance_computing:connect_with_ssh [2021/02/22 11:01] – [Connecting to the System outside GÖNET] mbodenen:services:application_services:high_performance_computing:connect_with_ssh [2024/02/14 11:22] (current) – [Creating SSH Keys] update key length mluetti2
Line 1: Line 1:
 +====== Connect with SSH ======
 +To access the Scientific Compute Cluster, you need 
 +  - an [[en:services:application_services:high_performance_computing:account_activation|activated, *non-student* account]]
 +  - an SSH client
 +
 +Please note, that you can only connect to our frontends from inside the [[en:services:network_services:goenet:start|GÖNET]], our campus network. If you are not inside GÖNET, you can either use a [[en:services:network_services:vpn:start|VPN]] or connect to ''login.gwdg.de'' as a jump host.
 +
 +Since May 15th, 2020, authentication by password has been deactivated for security reasons. To log on to the frontends an SSH key is required.
 +
 +==== Graphical Applications ====
 +
 +This documentation shows how to generate SSH keys and connect with the ssh client on the command line in Linux, MacOS and Windows 10. If you want to use a graphical application to connect, please refer to [[en:services:application_services:high_performance_computing:connect_with_ssh:mobaxterm|MobaXterm]] and [[en:services:application_services:high_performance_computing:connect_with_ssh:putty|PuTTY]].
 +
 +==== Troubleshooting ====
 +
 +If you have followed these steps and still have trouble to connect to our servers, have a look at [[en:services:application_services:high_performance_computing:connect_with_ssh:common_problems|Common SSH Problems]].
 +
 +
 +===== Creating SSH Keys =====
 +
 +On Linux, macOS and the latest Windows 10 Versions SSH is already built in. A key can be generated with the command ''ssh-keygen -t rsa -b 4096 -f <yourkey>''. As soon as you enter the command you will be asked to secure the key with a passphrase. Please do not use keys without a passphrase to log in to our systems.
 +<code>
 +PS C:\Users\win10-virtual> ssh-keygen -t rsa -b 4096
 +Generating public/private rsa key pair.
 +Enter file in which to save the key (C:\Users\win10-virtual/.ssh/id_rsa):
 +Created directory 'C:\Users\win10-virtual/.ssh'.
 +Enter passphrase (empty for no passphrase): ******************
 +Enter same passphrase again: ******************
 +Your identification has been saved in C:\Users\win10-virtual/.ssh/id_rsa.
 +Your public key has been saved in C:\Users\win10-virtual/.ssh/id_rsa.pub.
 +The key fingerprint is:
 +SHA256:JIFSfI6/QBdnUaVsjKdHIfCqw1yjZyk96KDp07MlvbM win10-virtual@DESKTOP-N8DT68R
 +The key's randomart image is:
 ++---[RSA 4096]----+
 +|   o..o.ooo..    |
 +|  . o ooo= o     |
 +|   . +.++ B      |
 +|    o o+ =       |
 +|   . o+ S .      |
 +|   oo*.o .       |
 +|  o.O+*.         |
 +| + =o*o.         |
 +|+...+Eo          |
 ++----[SHA256]-----+
 +</code>
 +This creates both the private key file <yourkey> and a corresponding public key file <yourkey>.pub (in the example: id_rsa and id_rsa.pub). Never give out your private key, but always upload only the public key!
 +
 +===== Creating SSH Keys with puttygen =====
 +[[https://docs.gwdg.de/doku.php?id=en:services:application_services:high_performance_computing:connect_with_ssh:putty#creating_an_ssh_key_with_puttygen| Here is a description that provides information how to create an ssh key with puttygen]].
 +===== Upload SSH Public Key =====
 +To upload a key, please log into your account on the [[https://id.academiccloud.de|My AcademicID]] portal and open the "SECURITY" tab. Then scroll down to "SSH PUBLIC KEYS" and click "ADD SSH PUBLIC KEY". You can now add a **public** key. \\
 +**Note:** If you copy your public key from a text editor or a terminal, please make sure that your editor or terminal does not insert any linebreaks, because this will make the copy of your public key invalid.\\
 +\\
 +**<wrap em>Important</wrap>** It can take up to 10-60 minutes until the key is synchronised with the systems. If the login does not work, be patient and try again later.
 +===== Connecting to the System inside GÖNET =====
 +Just open a terminal and connect with 
 +''ssh -i <yourkey> <userid>@login-mdc.hpc.gwdg.de'' or ''ssh login-mdc.hpc.gwdg.de -l <userid> -i <yourkey>''
 +
 +===== Connecting to the System outside GÖNET =====
 +If you are outside the [[en:services:network_services:goenet:start|GÖNET]], e.g. not on campus and are not able to connect to the [[en:services:network_services:vpn:start|VPN]], you need to use login.gwdg.de as an SSH-gateway or jump host. For newer versions off SSH, this will work:
 +<code>
 +$ ssh login-mdc.hpc.gwdg.de -l <userid> -i .ssh/id-rsa -J <userid>@login.gwdg.de
 +Last login: Mon Apr 20 13:54:52 2020 from i080.vpnclients.gwdg.de
 +gwdu103:22 14:51:56 ~ > 
 +</code>
 +If that does not work on your system, you may have an older version of SSH, which means you need to use:
 +<code>
 +$ ssh login-mdc.hpc.gwdg.de -l <userid> -i .ssh/id-rsa -o ProxyCommand="ssh -i .ssh/id-rsa -W %h:%p <userid>@login.gwdg.de"
 +Last login: Mon Apr 20 13:54:52 2020 from i080.vpnclients.gwdg.de
 +gwdu103:22 14:51:56 ~ > 
 +</code>
 +
 +If you are using the **Windows** OpenSSH client, you need to add .exe to the ProxyCommand:
 +<code>
 +$ ssh login-mdc.hpc.gwdg.de -l <userid> -i .ssh/id-rsa -o ProxyCommand="ssh.exe -i .ssh/id-rsa -W %h:%p <userid>@login.gwdg.de"
 +Last login: Mon Apr 20 13:54:52 2020 from i080.vpnclients.gwdg.de
 +gwdu103:22 14:51:56 ~ > 
 +</code>
 +
 +===== Saving the SSH configuration =====
 +You can't be bothered to type all that everytime you want to connect to our frontends? Understandable. The good news is, you can use an SSH config to make your life easier.
 +
 +The SSH config is a simple text file, which stores per-server-configuration or even global configurations for all SSH connections and is located at:
 +  * ''${HOME}/.ssh/config'' on Linux and MacOS
 +  * ''%USERPROFILE%\.ssh\config'' on Windows 10
 +
 +<code Example ~/.ssh/config>
 +host gwdg-login #can be any name you want
 +  hostname login.gwdg.de
 +  user mboden
 +  IdentityFile ~/.ssh/id-rsa
 +  
 +host hpc-gwdg 
 +  hostname gwdu101
 +  user <userid>
 +  IdentityFile ~/.ssh/id-rsa
 +  ProxyJump gwdg-login
 +#  Older SSH Versions:
 +#  ProxyCommand ssh -i .ssh/id-rsa -W %h:%p gwdg-login
 +#  Windows 10
 +#  ProxyCommand ssh.exe -i .ssh/id-rsa -W %h:%p gwdg-login</code>
 +  
 +===== SSH Fingerprints of our Frontends =====
 +
 +login-mdc.hpc.gwdg.de (gwdu101 and gwdu102):
 +
 +  * ''MD5:b9:f9:46:0f:23:c8:8d:76:b9:83:b9:1b:f6:5e:d5:6b RSA''
 +  * ''MD5:7c:52:2b:17:f8:ba:29:bd:c5:45:d1:1a:9e:8d:d6:f0 ECDSA''
 +  * ''MD5:e3:ef:39:f5:df:4f:c2:e2:c4:d0:28:95:46:6c:56:39 ED25519''
 +  * ''SHA256:RMgbCZ58sWYfZZv5T2DE9bOAFfN06xm9aMw1MjzjvLM RSA''
 +  * ''SHA256:sIJNEepmILeEq/7Zqq4HCtpTM8L98arWTny5EiAX+gI ECDSA''
 +  * ''SHA256:Vylg/10HwDRxPUuOarcngRFH2jmDlnxWOqte7rnR3OI ED25519''