Table of contents
  1. Prerequisites
    1. VPN
    2. Active allocation
    3. SSH keypair
  2. -t ed25519 flag not working
    1. Signed public key
    2. Certificate Has An Expiration Date
    3. What to do if your certificate has expired?
  3. Connect to the cluster using terminal
    1. Create SSH configuration file
    2. Configure SSH authentication agent
    3. Connect to the cluster login node
  4. Head/login node vs compute/worker nodes
  5. arclogin.rs.gsu.edu does not work
  6. Connect to the cluster using VNC

Prerequisites

Please read https://arcwiki.rs.gsu.edu/en/home/ssh/signing-in for more details about connecting to the cluster.

VPN

You must be connected to the GSU VPN, or be on the GSU network, to log in to the cluster.

Active allocation

Request an account.

SSH keypair

Generate an SSH keypair on your local machine:

$ mkdir -p ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t ed25519 -f id_<campusid>

Make sure to use a strong passphrase when creating your keys!

-t ed25519 flag not working

If the flag -t ed25519 results in an error when you use it, DO NOT GENERATE A KEY USING SHA-256 (the default). Instead, try updating your version of ssh, or if it still does not work, create a ticket with IT on Hydra.

Signed public key

# copy the content of your public key
$ cat ~/.ssh/id_<campusid>.pub
### copy the output ###

Go to https://elpis.rs.gsu.edu/, then go to the “Sign SSH Certificate” page. Here, paste the content of the public key and click “Sign Key”. If there is an error generating the certificate, please verify that you copied the public key contents correctly. Download the generated certificate to your local machine and save it in the ~/.ssh folder.

$ mv ~/Downloads/id_<campusid>-cert.pub ~/.ssh

Certificate Has An Expiration Date

If it has been about 3 months since you signed your certificate and authentication suddenly returns username@arclogin.rs.gsu.edu: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)., your certificate may have expired. See the description of this case in the elpis documentation. You can check with ssh-keygen -L -f ~/.ssh/id_username-cert.pub, which should return something like:

❯ ssh-keygen -L -f .\.ssh\id_username-cert.pub
.\.ssh\id_cchildress-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Public key: ED25519-CERT SHA256:BmEP/qyJnwkJJDlFX3PcKav8zj1hMkam98h+JQLhtA0
        Signing CA: RSA SHA256:RkvuiBi72zpO9p5RfhKCgyVgTj+D+4nkQX62wY4UVR0 (using rsa-sha2-512)
        Key ID: "vault-clientrole-token-elpis-acids-06610ffeac899f09092439455f73dc29abfcce3d613246a6f7c87e2502e1b40d"
        Serial: 16511806482349416608
        Valid: from 2022-11-23T10:11:55 to 2023-02-21T10:12:25
        Principals:
                username
        Critical Options: (none)

Windows users have to hit TAB to resolve ~ to their home directory. Check the Valid dates in the output to ensure the certificate is still valid.
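One way to automate this check, as an added example that is not part of the original page or of GSU's tooling: the shell function below reads ssh-keygen -L output on stdin and classifies the certificate against a timestamp you supply. The names cert_status and sample_cert are assumptions made for this example, and the sample input is constructed from the Valid line shown above.

```shell
#!/bin/sh
# Added example: classify an SSH certificate from `ssh-keygen -L` output.
# ssh-keygen prints validity as local-time ISO-8601 stamps of equal length,
# which sort lexicographically, so string comparison needs no date parsing.

# cert_status NOW   (reads `ssh-keygen -L` output on stdin)
# NOW is a local timestamp such as 2023-01-15T09:00:00.
# Prints one of: valid, expired, not-yet-valid, unknown
cert_status() {
    awk -v now="$1" '
        function classify(start, end) {
            # Appending "" forces string (not numeric) comparison.
            if (start != "" && (now "") <  (start "")) return "not-yet-valid"
            if (end   != "" && (now "") >= (end ""))   return "expired"
            return "valid"
        }
        $1 == "Valid:" {
            found = 1
            if      ($2 == "forever") print "valid"
            else if ($2 == "from")    print classify($3, $5)
            else if ($2 == "after")   print classify($3, "")
            else if ($2 == "before")  print classify("", $3)
            else                      print "unknown"
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# Constructed sample input, trimmed from the output shown above.
sample_cert() {
    cat <<'EOF'
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Valid: from 2022-11-23T10:11:55 to 2023-02-21T10:12:25
        Principals:
                username
EOF
}

# Typical use against a real certificate (path follows this page's naming):
#   ssh-keygen -L -f ~/.ssh/id_<campusid>-cert.pub \
#       | cert_status "$(date +%Y-%m-%dT%H:%M:%S)"
```

To get warned ahead of time, pass a timestamp a week or two in the future as NOW; an "expired" result then means the certificate should be re-signed soon.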

What to do if your certificate has expired?

  1. Go to https://elpis.rs.gsu.edu and paste your public key into the Sign SSH Form. Full instructions
  2. Save your new certificate as ~/.ssh/id_username-cert.pub replacing your old certificate.
  3. Re-add your ssh key and certificate to the ssh-agent: ssh-add ~/.ssh/id_username

Connect to the cluster using terminal

Create SSH configuration file

Create a file ~/.ssh/config with the following contents.

Host *
    AddKeysToAgent yes
    IgnoreUnknown UseKeychain
    UseKeychain yes
    ForwardAgent yes
    ServerAliveInterval 180
    ServerAliveCountMax 3
    TCPKeepAlive yes
    User <campusid>
    CertificateFile ~/.ssh/id_<campusid>-cert.pub
    IdentityFile ~/.ssh/id_<campusid>

Host arclogin
    HostName arclogin.rs.gsu.edu
    CertificateFile ~/.ssh/id_<campusid>-cert.pub
    IdentityFile ~/.ssh/id_<campusid>

Configure SSH authentication agent

On Linux/Mac, the SSH authentication agent should be running by default. Run the following command to add the generated SSH key to the agent.

$ ssh-add ~/.ssh/id_<campusid>

On Windows, you need administrator privilege to enable the service. Open a PowerShell window as administrator and run the following command:

PS> Set-Service -Name ssh-agent -StartupType Automatic -Status Running

Then you should be able to use the ssh-add command above.

If you do not have administrator access to your machine, please contact the administrator with the above information.

Connect to the cluster login node

Run the following command to get connected to the cluster.

$ ssh arclogin
[<campusID>@arclogin ~]$

Head/login node vs compute/worker nodes

@arclogin indicates that you are connected to the head/login node. On the login node you can submit jobs, interact with the cluster, edit files etc. But you should not run lengthy computations (more than a few seconds) on the login node itself.

To run computations, please allocate resources on a compute/worker node, which is accessible from the head/login node:

[<campusID>@arclogin ~]$ srun -p qTRD -A <slurm_account_code> -v -n1 --mem=10g -t60 --pty /bin/bash
srun: defined options
srun: -------------------- --------------------
srun: account             : <slurm_account_code>
srun: mem                 : 10G
srun: ntasks              : 1
srun: partition           : qTRD
srun: pty                 : set
srun: time                : 01:00:00
srun: verbose             : 1
srun: x11                 : all
srun: -------------------- --------------------
srun: end of defined options
srun: Waiting for nodes to boot (delay looping 450 times @ 0.100000 secs x index)
srun: Nodes trendscn013.rs.gsu.edu are ready for job
srun: jobid 376466: nodes(1):`trendscn013.rs.gsu.edu', cpu counts: 1(x1)
srun: CpuBindType=(null type)
srun: launching 376466.0 on host trendscn013.rs.gsu.edu, 1 tasks: 0
srun: route default plugin loaded
srun: Node trendscn013.rs.gsu.edu, 1 tasks started
[<campusID>@trendscn013 ~]$

The above command will allocate 1 CPU on one of the nodes in the qTRD queue and 10GB of RAM on that node (trendscn013 in this case) for 60 minutes, and start a bash session. See this page for more information about the available queues.

arclogin.rs.gsu.edu does not work

If you have an issue logging into arclogin.rs.gsu.edu, make sure you have all of the recommended flags in the Host * section of your config. Please do not use another ID for the login node, as this will bypass security and reliability behaviors implemented by IT.

Connect to the cluster using VNC

You can also connect to the cluster and GUI applications from https://hemera.rs.gsu.edu/.


Page last modified: 09/25/2022 9:29.