Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Draft - This page will serve as the provides general instructions for SSH Key Pair productionproducing and configuring SSH key pairs for authenticating to OrangeGrid and Zest. 

In most cases, users are able to utilize NetID/password combinations to authenticate to their desired cluster node. However, SSH key pairs, when configured, offer several key benefits including the elimination of passwords resulting in reduced risk of credential theft as well as the cryptographic strength of the keys themselves. 

Note
titleSecure Connection Required

Note that SSH connections, including those utilizing SSH key pairs, require a campus or secure connection (when off campus). Additional details about each cluster, including details for connecting off-campus, are available on the OrangeGrid (OG) | HT Condor and Zest | Slurm support pages. 

Warning
iconfalse
titleHead Node Code Execution

OrangeGrid and Zest are not intended to be used as a development environment. Activities on the cluster should be limited to submitting jobs, doing light editing with a text editor such as nano or vim, and running small tests that use a single core for no more than a few minutes. Avoid running code and processes directly on the node you are connected to as this can interfere with other users and, in some cases, impact the whole cluster

On This Page

Table of Contents
maxLevel3


Generating and Configuring SSH Key Pairs

Follow the steps below to configure  a new SSH key pair in anticipation of accessing a cluster with SSH. Once you have generated and configured your SSH key pair for the cluster, you do not have to do this step each time.

Note: These instructions are written generally for OpenSSH and some programs, such as VS Code, are not compatible with this configuration using alternative SSH solutions like PuTTY. 

Note
titleOpenSSH Compatible Client Required
Before proceeding, note that SSH key pair configuration requires an OpenSSH compatible SSH client (PuTTY is not supported). If you do not have administrative access to the device you are connecting with, such as campus lab and office locations, please simply log in using the connection steps above and use your NetID/password combination. 

Step 1 - Generate SSH Key Pair

First, you'll need to create and configure an SSH pair for each node you'll be connecting to, a great secure solution to connection. 

Open a Terminal

Open a terminal based on your operating system.

  • Windows - Command Prompt or Git Bash
  • MacOS or Linux - Terminal

Generate the SSH Key Pair

In the terminal, generate your SSH key pair with the following command. Be sure to give the key pair a comment that allows you to identify it. This could be your email address, netid, cluster name, etc.

Code Block
themeRDark
titleGenerate SSH Key Pair
# Example Key Generation
ssh-keygen -t rsa -b 4096 -C "<comment; ex.netid or email cluster-name>"

You'll be prompted to choose a location to save the key pair. This will default to '~/.ssh/id_rsa'. Be sure to notate if you choose another location. 

You also have the option to set a passphrase. If you prefer to not, simple hit 'Enter' to skip. 

Step 2 - Add the SSH Public Key to the Cluster

Next, you'll need to add the public key to each node you intend to connect to using this key noting that you can certainly generate a new key for each node. Being by displaying and copying your 

Copy the Public Key

Use a corresponding terminal to display the public key so that you can copy it. 

Code Block
themeRDark
titleDisplay SSH Key Pair
# CMD
type %USERPROFILE%\.ssh\id_rsa.pub

# Shell
cat ~/.ssh/id_rsa.pub

Add the Public Key to the Login Node

Next, connect to the cluster and add the public key. Repeat this step for other nodes as needed. 

Code Block
themeRDark
titleAdd SSH Key Pair to Cluster
# Make the .ssh directory in your home directory
mkdir -p ~/.ssh

# Put the copied public key into your authorized_keys file
echo "your_copied_public_key" >> ~/.ssh/authorized_keys

# Ensure the .ssh locations have the correct permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 3 - Configure VS Code for SSH

Lastly, you'll need to ensure VS Code is configured to make the SSH connection. 

Install the Remote - SSH Extension

With VS Code open, go to the Extensions view (control + shift + x is the shortcut).

Search 'Remote - SSH' and install it. 

remote - ssh vs code marketplace

Add SSH Host in VS Code

Next, add the SSH Host connection in VS Code. To do so, press 'F1' to open the Command Palette. 

In the Command Palette, type 'Remote-SSH: Connect to Host...' and select it. 

Enter the login node connection string and press enter (ex. "yournetid>@its-og-login1.syr.edu"). 

remote-ssh connection details

Configure SSH Settings

You should be prompted to select the file where the SSH configuration will be saved. This is likely '~/.ssh/config' or 'C:\Users\<netid>\.ssh\config'. 

You should be prompted to either 'Open Config' or 'Connect'. You should select 'Open Config' so that you can ensure the SSH key pair is added appropriately. 

open config
The information for your host should look like the following notating that you'll want similar information for each host.

Code Block
themeRDark
titleExample SSH Config File
# Example Host Connection Configuration
Host its-og-login1.syr.edu
	HostName its-og-login1.syr.edu
	User <your-netid>
	IdentifyFile <SSH key location, ex. "~/.ssh/id_rsa"> 

Be sure to save the configuration file if you've made any changes. 

Connect to the SSH Host

Finally, connect to your host. To do so, press 'F1' to open the Command Palette. 

In the Command Palette, this time type 'Remote-SSH: Connect to Host...' and select it. 

You should now see the intended host. Select it and you should be connect. 


SSH Key Pair Compatibility

Below is a list of known compatible SSH solutions with this configuration type. 



Getting Help

Question about Research Computing? Any questions about using or acquiring research computing resources or access can be directed at researchcomputing@syr.edu.