From 9684118888a56233b198762ae4e37d87afc91079 Mon Sep 17 00:00:00 2001 From: Georgios Kafanas Date: Mon, 15 Jul 2024 17:14:11 +0200 Subject: [PATCH] [REFACTOR:ssh] Add section about SSH jumps in the SSH documentation --- docs/connect/ssh.md | 20 ++++++++++++++++++++ docs/services/jupyter.md | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/connect/ssh.md b/docs/connect/ssh.md index 6be75871..4052c3d6 100644 --- a/docs/connect/ssh.md +++ b/docs/connect/ssh.md @@ -500,6 +500,26 @@ You can forward a remote port back to a host protected by your firewall. By using the `-g` parameter, you allow connections from other hosts than localhost to use your SSH tunnels. Be warned that anybody within your network may access the tunnelized host this way, which may be a security issue. +### SSH jumps + +Compute nodes are not directly accessible through the network. To login into a cluster node you will need to jump through a login node. The ssh agent is [not configured in the login nodes](#on-ulhpc-clusters) for security reasons. To configure a jump to a compute node, you will need to install a key in your ssh configuration. Create a key in your local machine, +```bash +ssh-keygen -a 127 -t ed25519 -f ~/.ssh/hpc_id_ed25519 +``` +and then copy both the private and public keys in your HPC account, +```bash +scp ~/.ssh/hpc_id_ed25519* aion-cluster:~/.ssh/ +``` +where the command assumes that you have setup your [SSH configuration file](#ssh-configuration). Finally, add the key to the list of authorized keys: +```bash +ssh-copy-id -i ~/.ssh/hpc_id_ed25519 aion-cluster +``` +Then you can connect to any compute node to which you have a job running with the command: +```bash +ssh -i ~/.ssh/hpc_id_ed25519 -J ${USER}@access-aion.uni.lu:8022 ${USER}@ +``` + + Usually the node address can be the node IP of the node name. You can combine this command with other options, such as [port forwarding](#ssh-port-forwarding), for instance to access a web server running in a compute node. ## Extras Tools around SSH diff --git a/docs/services/jupyter.md b/docs/services/jupyter.md index b6d45d38..345b9088 100644 --- a/docs/services/jupyter.md +++ b/docs/services/jupyter.md @@ -85,7 +85,7 @@ The following script is an example how to proceed: jupyter lab list jupyter --paths jupyter kernelspec list - echo "Enter this command on your laptop: ssh -p 8022 -NL 8888:$(hostname -i):8888 ${USER}@access-iris.uni.lu " > notebook.log + echo "Enter this command on your laptop: ssh -i ~/.ssh/hpc_id_ed25519 -J ${USER}@access-iris.uni.lu:8022 -L 8888:$(hostname -i):8888 ${USER}@$(hostname -i)" > notebook.log wait $pid ```