Secure Shell (SSH) is a way to login to remote computers securely as all data is encrypted in both directions between the local computer (your laptop) and the remote computer (ABACUS 2.0).
Using SSH keys is an even more secure way to use SSH to access a remote compute as there is no password exchange between the local and remote computer. An SSH key pair is generated on the local computer. The key pair consists of a private key which stays on your local computer and a public key which must be uploaded to the remote computer.
SSH using SSH keys is the only way to get remote access to ABACUS 2.0. The steps below walk you through how to generate your own SSH key for access to the cluster.
Linux and mac users have an OpenSSH client installed by default on their system and do not need to do anything specific.
For file transfers to ABACUS 2.0, we suggest using the built-in scp program. Mac users who prefer a GUI can use, e.g., Cyberduck.
Check for existing SSH keys
First, we check for existing keys on your computer. Open a command line and enter:
peter@laptop:~$ ls -al ~/.ssh/ You should see a list of files in your .ssh directory if it exists
Check to see whether you already have a public SSH key. By default, filenames of public keys are one of the following:
If you have a file ending with
.pub and also have the file without .pub, e.g.,
id_rsa, and you can remember the passphrase for you ssh key pair, you can skip the next step.
Generate a new SSH key
Run the following command to generate a new SSH key. Replace Office PC with a descriptive text of computer you are generating the key on. You should use the default password, and a strong passphrase to safeguard the key.
peter@laptop:~$ ssh-keygen -t rsa -C "Office PC" Generating public/private rsa key pair. Enter file in which to save the key (/home/peter/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/peter/.ssh/id_rsa. Your public key has been saved in /home/peter/.ssh/id_rsa.pub. The key fingerprint is: 84:9b:de:ae:30:db:31:37:e6:41:17:c0:45:59:e8:bb Office PC The key's randomart image is: +--[ RSA 2048]----+ | ..oo+. | | ...o | | . ... | | + .. | | o S .. | | . o .. | | o + * . | | = B oE | | . o.o | +-----------------+
Add the public SSH key to your ABACUS 2.0 account
Sign in to our admin home page https://deic-adm.sdu.dk/admin/.
Go to your User’s page and select Add SSH Key. Now go to the command line and get the contents of your public key by running this command, and copy + pasting the result. It is very important to copy public key exactly as it appears in the terminal window.
peter@laptop:~$ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkHCVVojMcOe6eqy54AET0fTD2mkwLBUYAf6G zTZuajq7ywkW7aKYCnVua8kcdWEVpy4GHXhGVoJv2aeP6YxhpJAZpj155Oe/+JEmpVcJclKwTwX iJmKZZnfYtgkA8+zQGMhFCdZLajhhO9tX9KcgM+sREXfgUO4d3qdNBsNM6xlPKWmPRx+eaMgKaf Ligu1AWjqNI+kMT1tPeIhJbv6/P5mTFCtXw6RVSn03TBCM1AYIf0kqXi1+1UPiQKgx8aZAVyPOx iziyxih/ecHFJhk8XTBaMAYYEg2aaiHHANhFY2X3bOjcQ/RdRsZ1TXbBA8of9u4F25y460HL4Ba JjXWL Office PC
Note that you should expect up to 15 minutes delay for the new key to be effective on the cluster, i.e., wait a few minutes before trying whether everything works as expected.
Connecting to ABACUS 2.0
After uploading the key and waiting some minutes (up to 15 minutes), you are now ready to login using your new ssh key. Go to a terminal window, and use the
ssh command as shown below, of course replacing
testuser with the user name you selected on our admin home page.
peter@laptop:~$ ssh firstname.lastname@example.org _ _ ____ ___ / \ | |__ __ _ ___ _ _ ___ |___ \ / _ \ / _ \ | '_ \ / _` |/ __| | | / __| __) || | | | / ___ \| |_) | (_| | (__| |_| \__ \ / __/ | |_| | /_/ \_\_.__/ \__,_|\___|\__,_|___/ |_____(_)___/ Welcome to DeIC National HPC Centre, SDU ... testuser@fe1:~$
To copy files to and from ABACUS 2.0 you can use direct
sftp to the frontend nodes, fe.deic.sdu.dk. Note that you in all cases must use the SSH key you uploaded earlier.
You can use the file
~/.ssh/config to setup parameters for SSH that you otherwise must enter at each login. This is done on the client (your laptop). Basically you create a section per remote computer. The special
Host * section will match any computer, i.e., using the following, we always ask ssh to forward X11 sessions from the remote computer.
# # Contents of ~/.ssh/config on your laptop # Host abacus Hostname fe.deic.sdu.dk User testuser # # Setup for another HPC facility you have access to # Host france Hostname other.computer.in.france.fr User pierre # Entries in "Host *" are used as default values # - unless something else is specified above Host * ForwardX11 yes
With the above file in place, you can now simply use
peter@laptop:~$ ssh abacus
peter@laptop:~$ ssh -X email@example.com
- MobaXterm: MobaXterm includes a lot of extra features compared to PuTTY, including easy GUI file transfers and X11 forwarding.The free version of MobaXterm is enough for most users.
- PuTTY: PuTTY is probably the most popular Windows SSH program. PuTTY consists of several smaller binaries, including in particular putty.exe (used to actually do ssh), and PuTTYgen (used to generate SSH keys).We suggest to use the PuTTY Windows MSI installer. which includes all programs.
Before continuing to the next step, you should download and install either MobaXterm or PuTTY.
For data transfers to ABACUS 2.0, see the Data Transfer Section.
Creating a SSH key pair
The first step is to create a SSH Key pair.
- MobaXterm: Launch MobaXterm, and select Tools / MobaKeyGen (SSH key generator) in the menu.
- PuTTY: Launch the PuTTYgen key generation program.
In both cases you get a window similar to the following:
To create a new key suitable for ABACUS 2.0, you should leave the default parameters at SSH-2 RSA and a keylength of 2048 bits. Click Generate to generate a new key. After they key has been generated the screen is updated with information on the new key:
Add a key comment, e.g., Office PC, and write a strong passphrase to guard the key. Finally, save the two parts of the key. For both parts of the key pair, we suggest saving them in a folder you can easily find again, e.g., a subfolder of your main Documents folder.
- Public key: This is the public part of the key which you must
upload the ABACUS 2.0 admin home page.The easiest way to get a the public key in the format suitable for ABACUS 2.0 is to copy+paste the content of the frame titled Public key for pasting into OpenSSH authorized_keys file. Highlight+copy everything in the frame to the clipboard. Next, open Notepad and paste the contents. Everything must be in one (very long) line. Save the contents in a file with the extension
.txtfor easy access later, e.g.,
id_rsa_pub.txt.NOTE: Clicking Save public key will not save the public key in a format suitable for ABACUS 2.0.
- Private key: This is the private part of the key which stays on your own computer.Click Save private key to save the private key in “PuTTY format”. For easy access later, save this in a file with the extension
- Private key (OpenSSH format): If you plan later to use MATLAB over ssh (as explained here), you must also save the private key in OpenSSH format as MATLAB cannot use a private key in ppk format. To do this, select Conversions / Export OpenSSH key in the menu, and export+save the key.
Note that you can use the same private+public key pair on multiple computers and to access many other clusters apart from Abacus 2.0.
Add the public SSH key to your ABACUS 2.0 account
Sign in to our admin home page
Go to your User’s page and select Add SSH key. Open the public key file you created earlier in e.g. Notepad and copy the contents of the file using Ctrl-C. Next, paste the key to the public key box on the Add SSH Key page in your browser, and click Add key.
It is very important to copy the public key exactly as it appears. This is something along the lines of the following (with everything appearing in one very long line).
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAnwsD1wt0LysYmnZrrNAmCHJcnZjVBH9BVyXxN3t tIxK2YUnllFgd2lmWZzivmqADRRdghbJJk6AqX+xgji5mtaxKo71HSh1TJnpov3wn/vI4KQcXPV mdeMsXNPsLcUoJ+nuh86zGmR2rG2fFgG/BeANDY55HH10lc9qxBlCqrqqOBgP89vhV0wrvLitEM 6dJgdytL9Pw+1q9yw52UYxPrv6Tv5dwrRRXB0DCdY9nqVi5zdY7GLe6n6VPr3J0LCGLpX21jMVE 7tyRSYDkdzDJYlPsQ1Mq/IPqrE4Uj71DzdmcD6ewoklC3KFbobjsYoMbzdHrT1WBEd1ZSG//ZUy unw== Office PC
You should expect up to 15 minutes delay for the new key to be effective on the cluster, i.e., wait a few minutes before trying whether everything works as expected.
Connecting to ABACUS 2.0
After uploading the key and waiting some minutes (up to 15 minutes), you are now ready to login using your new ssh key.
Connecting to ABACUS 2.0 using MobaXterm
Start the main MobaXterm program. A window similar to this appears. Note that you can skip the first many steps after you have completed this the first time.
- In the top left corner, click Session, and a new window appears.
Fill out a few details:
- Remote Host:
- Username: Your username on Abacus, e.g.,
- Use private key: Select the private key you generated earlier,
Finally, click ✓ OK.
- Remote Host:
- You have now connected to ABACUS 2.0.If you get the error:
Disconnected: No supported authentication methods available (server sent: publickey, hostbased), you did probably not wait the required 15 minutes before trying to
login. Try again in a few minutes.Note that you have a file browser to the left side which can be used to copy files to and from ABACUS 2.0.
Next time, you can open a connection to
fe1.deic.sdu.dk by simply using the link to
fe1.deic.sdu.dk on the first page of MobaXterm.
Connecting to ABACUS 2.0 using PuTTY
Start the main PuTTY program. A window similar to this appears. Note that you can skip the first many steps after you have completed this the first time.
- Select Connection / SSH / Auth in the menu on the left, and select Browse… to locate the private SSH key you saved earlier.
- Next, go to the submenu Connection / Data, and set the user name you selected to use on our system in Auto-login username:
- Finally, return to the main Session submenu, and write the ssh host name fe.deic.sdu.dk.
- Save this as a PuTTY Saved session to skip the previous steps at future logins, by writing e.g., Abacus in the Saved sessions box, and clicking Save.
- In the future, you can simply double click Abacus to load all the settings.
- Now to login, click Open. You will be asked for the passphrase for your SSH key before you are allowed to login.
Using username "testuser". Authenticating with public key "Office PC" Passphrase for key "Office PC": _ _ ____ ___ / \ | |__ __ _ ___ _ _ ___ |___ \ / _ \ / _ \ | '_ \ / _` |/ __| | | / __| __) || | | | / ___ \| |_) | (_| | (__| |_| \__ \ / __/ | |_| | /_/ \_\_.__/ \__,_|\___|\__,_|___/ |_____(_)___/ Welcome to DeIC National HPC Centre, SDU ... testuser@fe1:~$
If you get the error:
Disconnected: No supported authentication methods available (server sent: publickey, hostbased), you did probably not wait the required 15 minutes before trying to login. Try again in a few minutes.
In all cases must use the SSH key you uploaded earlier.
Putty key agent: Pageant
For ease of use, you can use the Putty key agent Pageant to store the passphrase of your private key. Then you only have to write the passphrase once every time your computer is booted.
After installing Pageant via the (PuTTY MSI installer you simply double-click on the private key, and enter the passphrase for the key.