Changes

Page history
Update Logging in to JSC Supercomputers authored by Johannes Keller's avatar Johannes Keller
Hide whitespace changes
Inline Side-by-side
Logging-in-to-JSC-Supercomputers.md
View page @ 52cd9c8c
Contents:
[TOC]
# JURECA: Note on IPv6 connectivity
For users connecting from machines with a globally routed IPv6 address assigned to them, their SSH clients will favor IPv6. This can lead to issues for users who have uploaded SSH public keys with `from=` clauses based solely on IPv4 addresses or using patterns based on host names that do not match the host names their internet provider assigns to IPv6 addresses.
The long-term solution for these issues is to update your `from=` clauses to include patterns based on IPv6 addresses (or hostnames matching the IPv6 addresses).
A short-term solution can be to revert to IPv4 connectivity. This can be done by connecting to a new DNS name which will keep resolving to IPv4 addresses only: `jureca-ipv4.fz-juelich.de`. Another option is to disallow IPv6 in your SSH client. For OpenSSH, this can be done with the command line option `-4` or the configuration setting `AddressFamily inet`. In PuTTY the protocol can be overridden with the setting '_Internet protocol version_' in the '_Connection_' pane.
![image](uploads/336fe11e809b712bf4be1156a6aabf69/image.png)
# Logging in with OpenSSH
Go to the terminal.
Run the command
`ssh -X -i ~/.ssh/id_ed25519 JUDOOR_USERNAME@jureca.fz-juelich.de.de`
but replace _JUDOOR_USERNAME_ with your JSC JUDOOR user name. Type in your SSH key passphrase.
When connecting for the first time, OpenSSH will prompt you to confirm the server key fingerprint:
![image](uploads/240551ae22e324ce450937c8f6c2c088/image.png)
Answer `yes`. This is only required on your first login from this machine.
After successful login, you see the welcome screen.
![image](uploads/899f015044be4077bd0dceaa081d3c34/image.png)
Additional explanation about the command:
The `-X` option in the ssh-command enables "X11 forwarding"; this allows you to forward the graphical output of the X graphics server on the host / remote server / HPC system login node to the local client / Linux desktop / your notebook. This allows you to forward graphic interfaces and not only the terminal.
# Logging in with PuTTY
Launch `putty.exe` to log in. Under "_Category_", navigate to "_Session_" and set the _Host name (or IP address)_ for the system you want to connect to, e.g. `jureca.fz-juelich.de`.
![image](uploads/57bda9423516b1cbf21b0962aa306207/image.png){width=450}
Under the “_Category_”, navigate to "_Connection > SSH > Auth_" and under “_Private key file for authentication:_”, select the key you just generated.
![image](uploads/5c2f173e0f3626d51bfdf988dd13bff9/image.png){width=450}
If you want to save this configuration, you can navigate back to the “_Session_” screen to give the session a name (e.g., JURECA) and save it.
Now click "_Open_" to connect.
When you connect for the first time, PuTTY will display a dialog like the following:
![image](uploads/670f3806874d14f90873f5269885c1a9/image.png)
This is not an error, but a security feature. Answer "Yes".
Contents:
[TOC]
# JURECA: Note on IPv6 connectivity
For users connecting from machines with a globally routed IPv6 address assigned to them, their SSH clients will favor IPv6. This can lead to issues for users who have uploaded SSH public keys with `from=` clauses based solely on IPv4 addresses or using patterns based on host names that do not match the host names their internet provider assigns to IPv6 addresses.
The long-term solution for these issues is to update your `from=` clauses to include patterns based on IPv6 addresses (or hostnames matching the IPv6 addresses).
**A short-term solution**: Revert to IPv4 connectivity.
1. Disallow IPv6 in your SSH client
- PuTTY: Set '_Internet protocol version_' in the '_Connection_' pane. See figure below.
- OpenSSH: Command line option `-4` or the configuration setting `AddressFamily inet` in `.ssh/config`
2. Connect to a new DNS name which will keep resolving to IPv4 addresses only: `jureca-ipv4.fz-juelich.de`.
![image](uploads/336fe11e809b712bf4be1156a6aabf69/image.png)
# Logging in with OpenSSH
Go to the terminal.
Run the command
`ssh -X -i ~/.ssh/id_ed25519 JUDOOR_USERNAME@jureca.fz-juelich.de.de`
but replace _JUDOOR_USERNAME_ with your JSC JUDOOR user name. Type in your SSH key passphrase.
When connecting for the first time, OpenSSH will prompt you to confirm the server key fingerprint:
![image](uploads/240551ae22e324ce450937c8f6c2c088/image.png)
Answer `yes`. This is only required on your first login from this machine.
After successful login, you see the welcome screen.
![image](uploads/899f015044be4077bd0dceaa081d3c34/image.png)
Additional explanation about the command:
The `-X` option in the ssh-command enables "X11 forwarding"; this allows you to forward the graphical output of the X graphics server on the host / remote server / HPC system login node to the local client / Linux desktop / your notebook. This allows you to forward graphic interfaces and not only the terminal.
# Logging in with PuTTY
Launch `putty.exe` to log in. Under "_Category_", navigate to "_Session_" and set the _Host name (or IP address)_ for the system you want to connect to, e.g. `jureca.fz-juelich.de`.
![image](uploads/57bda9423516b1cbf21b0962aa306207/image.png){width=450}
Under the “_Category_”, navigate to "_Connection > SSH > Auth_" and under “_Private key file for authentication:_”, select the key you just generated.
![image](uploads/5c2f173e0f3626d51bfdf988dd13bff9/image.png){width=450}
If you want to save this configuration, you can navigate back to the “_Session_” screen to give the session a name (e.g., JURECA) and save it.
Now click "_Open_" to connect.
When you connect for the first time, PuTTY will display a dialog like the following:
![image](uploads/670f3806874d14f90873f5269885c1a9/image.png)
This is not an error, but a security feature. Answer "Yes".
The server key fingerprint displayed in the dialog has to be verified by comparing it to the known good fingerprint. JSC publishes SSH fingerprints for its systems through JuDoor. You can find them on the page you used to upload your public key.
\ No newline at end of file