Versions Compared

Old Version 3

changes.mady.by.user Daniel Jeski

Saved on

compared with

New Version Current

changes.mady.by.user Daniel Jeski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Draft - This page will serve as the provides general instructions for SSH Key Pair productionproducing and configuring SSH key pairs for authenticating to OrangeGrid and Zest. 

In most cases, users are able to utilize NetID/password combinations to authenticate to their desired cluster node. However, SSH key pairs, when configured, offer several key benefits including the elimination of passwords resulting in reduced risk of credential theft as well as the cryptographic strength of the keys themselves. 

Note
titleSecure Connection Required

Note that SSH connections, including those utilizing SSH key pairs, require a campus or secure connection (when off campus). Additional details about each cluster, including details for connecting off-campus, are available on the OrangeGrid (OG) | HT Condor and Zest | Slurm support pages. 


Warning
iconfalse
titleHead Node Code Execution

OrangeGrid and Zest are not intended to be used as a development environment. Activities on the cluster should be limited to submitting jobs, doing light editing with a text editor such as nano or vim, and running small tests that use a single core for no more than a few minutes. Avoid running code and processes directly on the node you are connected to as this can interfere with other users and, in some cases, impact the whole cluster


On This Page

Table of Contents
maxLevel3

Generating and Configuring SSH Key Pairs

Follow the steps below to configure  a new SSH key pair in anticipation of accessing a cluster with SSH. Once you have generated and configured your SSH key pair for the cluster, you do not have to do this step each time.

and use your NetID/password combination

Note: These instructions are written generally for OpenSSH and some programs, such as VS Code, are not compatible with this configuration using alternative SSH solutions like PuTTY

Note
titleOpenSSH Compatible Client Required
Before proceeding, note that SSH key pair configuration requires an OpenSSH compatible SSH client (PuTTY is not supported). If you do not have administrative access to the device you are connecting with, such as campus lab and office locations, please simply log in using the connection steps above

Step 1 - Generate SSH Key Pair

First, you'll need to create and configure an SSH pair for each node you'll be connecting to, a great secure solution to connection. 

Open a Terminal

Open a terminal based on your operating system.

  • Windows - Command Prompt (CMD) or Git Bash
  • MacOS or Linux - Terminal/Shell

Generate the SSH Key Pair

In the terminal, generate your SSH key pair with the following command. Be sure to give the key pair a comment that allows you to identify it. This could be your email address, netid, cluster name, etc.

Code Block
themeRDark
titleGenerate SSH Key Pair
# Example Key GenerationCMD 
ssh-keygen -o -a 100 -t ed25519 -f %USERPROFILE%\.ssh\id_ed25519 -C "<comment; ex.netid or email cluster-name>"

# Shell
ssh-keygen -o -a 100 -t rsaed25519 -b 4096f ~/.ssh/id_ed25519 -C "<comment; ex.netid or email cluster-name>"

YouNext, you'll be prompted to choose a location to save the key pair. This will default to '~/.ssh/id_rsaed25519'. Be sure to notate if you choose another location. 

You also have the option Finally, you will be prompted to set a passphrase. While this is not 'required', utilize a passphrase is highly encouraged to help keep your private key secure. If you prefer to not, simple hit 'Enter' to skip.

Warning
titleKeeping Your Private Key Secure

Users should take all possible steps to secure their private keys, including utilization of a passphraseAdditionally, users should avoid sharing their private key or passphrase with others, only keep their keys in secure storage locations, and consider rotating their SSH keys while updating authorized keys on your connections to limit the impact in the event of compromise. 

Step 2 - Add the SSH Public Key to the Cluster

Next, you'll need to add the public key to each node you intend to connect to using this key method noting that you can certainly generate a new key for each node. Being by displaying and copying your  

Copy the Public Key

Use

Begin by displaying and copying your key. 

To do so, use a corresponding terminal to display the public key so that you can copy it. 

Code Block
languagebash
themeRDark
titleDisplay SSH Key Pair
# CMD
type %USERPROFILE%\.ssh\id_rsaed25519.pub

# Shell
cat ~/.ssh/id_rsaed25519.pub

Add the Public Key to the Login Node

Next, connect to the cluster and add the public key. Repeat this step for other nodes as needed. 

Code Block
themeRDark
titleAdd SSH Key Pair to Cluster
# Make the .ssh directory in your home directory (if necessary)
mkdir -p ~/.ssh

# Put the copied public key into your authorized_keys file
echo "your_copied_public_key" >> ~/.ssh/authorized_keys

# Ensure the .ssh locations have the correct permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 3 - Configure

VS Code for SSH

SSH Connection in Applications (if necessary)

Lastly, you'll need to ensure VS Code your application is configured to make the SSH connection

Install the Remote - SSH Extension

With VS Code open, go to the Extensions view (control + shift + x is the shortcut).

Search 'Remote - SSH' and install it. 

remote - ssh vs code marketplaceImage Removed

Add SSH Host in VS Code

Next, add the SSH Host connection in VS Code. To do so, press 'F1' to open the Command Palette. 

In the Command Palette, type 'Remote-SSH: Connect to Host...' and select it. 

Enter the login node connection string and press enter (ex. "yournetid>@its-og-login1.syr.edu"). 

remote-ssh connection detailsImage Removed

Configure SSH Settings

You should be prompted to select the file where the SSH configuration will be saved. utilizing your new or existing SSH key pair. 

Either during connection prompt or when configuring, you'll need to know where your SSH configuration is saved. This is likely '~/.ssh/config' or 'C:\Users\<netid>\.ssh\config'. 

You should be prompted to either 'Open Config' or 'Connect'. You should select 'Open Config' so that you can ensure the SSH key pair is added appropriately. 

open configImage Removed
The Next, be sure the information for your host should look like the following notating that you'll want similar information for each host.has been given the appropriate notations including specifying the SSH key location to be used. 

Code Block
themeRDark
titleExample SSH Config File
# Example Global Settings for All Hosts
Host Connection Configuration *
	User <your-netid>
	IdentityFile <your key location, ex. ~/.ssh/id_ed25519>
    AddKeysToAgent yes
    ForwardAgent yes
    ServerAliveInterval 180
    ServerAliveCountMax 3
    Protocol 2

# Example Specific Settings for an OrangeGrid and Zest Host
Host its-og-login1.syr.edu 	HostName its-ogzest-login1.syr.edu
	
    HostName $h
    User <your-netid>
	IdentifyFileIdentityFile <SSH<your key location, ex. "~/.ssh/id_rsa"> ed25519>
    AddKeysToAgent yes
    ForwardAgent yes
    ServerAliveInterval 180
    ServerAliveCountMax 3
    Protocol 2

# Example Adding Bastion Proxy Jump (Bastion access required)
Host its-condor-t1
	HostName its-condor-t1.syr.edu
	User <your-netid>

Host its-og-login1.syr.edu
	HostName its-og-login1.syr.edu
	User <your-netid>
	ProxyJump its-condor-t1

Be sure to save the any configuration file files if you've made any changes. 

Step 4 - Connect to the SSH Host

Finally, connect to your host. To do so, press 'F1' to open the Command Palette. 

In the Command Palette, this time type 'Remote-SSH: Connect to Host...' and select it. 

You should now see the intended host. Select it and you should be connect. 

SSH Key Pair Compatibility

Below is a list of known compatible SSH solutions with this configuration type. 

Getting Help

Question about Research Computing? Any questions about using or acquiring research computing resources or access can be directed at This should be done either in your application as configured above or via CMD/CLI as in the examples below.

Note that the passphrase will be needed at least once per session and you may be prompted in additional intervals depending on your ssh-agent. 

Code Block
languagebash
themeRDark
titleDisplay SSH Key Pair
# Example Basic Connection
ssh <your-netid>@its-og-login1.syr.edu

# Example Bastion Proxy Direct Connection (Bastion access required)
ssh -J <your-netid>@its-condor-t1.syr.edu <your-netid>@its-og-login1.syr.edu


Getting Help

Need Help? Any questions about using the instructions on this page or to acquiring research computing resources can be directed at researchcomputing@syr.edu.