Contents
Using Secure Shell (SSH) on Elwetritsch
Please note:
SSH access to the cluster is currently limited, both from the outside and within the cluster. If reasonable, please login graphically using RDP or NX.
Introduction
We want to make sure that the HPC cluster will not be attacked. We can only secure the server side of the cluster, but you can help to make the client side (i.e. your PC or Laptop) as secure as possible. Therefore, it is of utmost importance that you follow our instructions for using SSH and related tools (like Putty, WinSCP, SFTP etc.)
Important notes for RPTU users:
- In addition to "elwe1" you can also use "elwe2", "elwe3" and "elwe4".
- If you are not on campus, please establish a VPN connection to RPTU prior to executing the commands below.
Important note for RARP users:
- Please replace "elwe1.rz.rptu.de" with either "elwe1.rarp-kl.de" or "elwe2.rarp-kl.de" while executing the commands below.
- If you are not on campus, please establish a VPN connection to your University prior to executing the commands below.
- If you still cannot connect to Elwetritsch, please write a ticket to rz-support@rptu.de.
Using Bitvise GUI for Windows
Instead using commands you may setup new keys on your Windows desktop with help of a graphical SSH software. How you generate keys and use them is explained in one of our videos.
General Rules for using SSH on Elwetritsch and other Linux Systems at RPTU:
- Always protect SSH keys for accessing RPTU servers with a passphrase. - If reasonable, add a "from=..." statement to the authorized_keys file (experts only). - Avoid using -X and -Y (instead log in graphically). - Never use a Cluster-internal key to authenticate on systems outside the cluster. - Do not scp files from the cluster somewhere outside, instead pull the data from the outside.
Generate your SSH Keys
In order to use SSH for accessing Elwetritsch, you have to generate an SSH key on your desktop PC. The following commands can be executed on Linux and macOS desktops. Also, some Windows SSH implementations (like Cygwin or the Windows Subsystem for Linux) allow to execute the same commands. If you are using a graphical software like Putty, please refer to the manual to reproduce the necessary steps.
First, you create a new SSH key pair:
ssh-keygen -t ed25519 -a 100Please accept the default locations for the files. You will be prompted to enter a passphrase. Please enter a new strong passphrase (we recommend at least 12 upper and lower case characters and the usage of special characters) and remember it. Please do not use any password here that you are using elsewhere! When finished, the private and the public part of your SSH key will be placed in your .ssh directory.
Second, you copy the new public key to Elwetritsch:
ssh-copy-id -i .ssh/id_ed25519.pub your_account@elwe1.rz.rptu.dePlease replace "your_account" with your actual RPTU account name. You will now be prompted to enter your passhprase to unlock your SSH key.
You should now be prompted to accept the ECDSA key fingerprint ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG0y+C1zFYoXARICThsXM8kIrKPLl168AOpag+23htet6D8ELM4ZyjpXoJ5ZxdKfUDiO3o314KA1f/XInfKmecc= of elwe1.rz.rptu.de. Please check the string carefully before accepting it with "yes". Then you will be prompted to enter your RPTU password to access Elwetritsch.
If you get an error complaining about a different SSH server fingerprint, you have forgotten to delete your old .ssh directory on your desktop. At least you must remove the old public keys of the Elwetritsch Login nodes from the file .ssh/known_hosts. If your SSH session is rejected, please check your VPN connection.
Using the new SSH Key
You are now ready to use your newly generated SSH key for accessing Elwetritsch:
ssh your_account@elwe1.rz.rptu.deAgain, please replace "your_account" with your actual RPTU account name.
You can also copy files to and from the cluster by executing "scp" on your desktop. Please read the manual for further instructions and command line arguments.