Table of contents
Prerequisites
Please go through https://arcwiki.rs.gsu.edu/en/home/ssh/signing-in to know more details about connecting to the cluster.
VPN
You must be connected to the GSU VPN, or in the GSU network to log in to the cluster.
Active allocation
SSH keypair
Generate an SSH keypair in your local machine:
$ mkdir ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t ed25519 -f id_<campusid>
make sure to use a strong password when creating your keys!
-t ed25519
flag not workingif the flag
-t ed25519
results in an error when you use it, DO NOT GENERATE A KEY USING SHA-256 (the default). Instead, try to update your version ofssh
, or if it continues not to work, create a ticket with IT on Hydra.
Signed public key
# copy the content of your public key
$ cat ~/.ssh/id_<campusid>.pub
### copy the output ###
Go to https://elpis.rs.gsu.edu/, then go to the “Sign SSH Certificate” page. Here, paste the content of the public key and click “Sign Key”. If there is an error generating the certificate, please verify that you copied the public key contents correctly. Download the generated certificate to your local machine and save in the ~/.ssh
folder.
$ mv ~/Downloads/id_<campusid>-cert.pub ~/.ssh
Certificate Has An Expiration Date
If it’s been about 3 months since you signed your certificate and authentication suddenly returns username@arclogin.rs.gsu.edu: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
. Your certificate may have expired. See description of this case in the elpis documentation. You can check via ssh-keygen -L -f ~/.ssh/id_username-cert.pub
. This should return something like
❯ ssh-keygen -L -f .\.ssh\id_username-cert.pub
.\.ssh\id_cchildress-cert.pub:
Type: ssh-ed25519-cert-v01@openssh.com user certificate
Public key: ED25519-CERT SHA256:BmEP/qyJnwkJJDlFX3PcKav8zj1hMkam98h+JQLhtA0
Signing CA: RSA SHA256:RkvuiBi72zpO9p5RfhKCgyVgTj+D+4nkQX62wY4UVR0 (using rsa-sha2-512)
Key ID: "vault-clientrole-token-elpis-acids-06610ffeac899f09092439455f73dc29abfcce3d613246a6f7c87e2502e1b40d"
Serial: 16511806482349416608
Valid: from 2022-11-23T10:11:55 to 2023-02-21T10:12:25
Principals:
username
Critical Options: (none)
Window’s users have to hit TAB to resolve ~ to their home directory. You want to check the valid dates to ensure the certificate is still valid.
What do to if your certificate has expired?
- Go to https://elpis.rs.gsu.edu and paste your public key into the Sign SSH Form. Full instructions
- Save your new certificate as ~/.ssh/id_username-cert.pub replacing your old certificate.
- Re-add your ssh key and certificate to the ssh-agent
ssh-add ~/.ssh/id_username
Connect to the cluster using terminal
Create SSH configuration file
Create a file ~/.ssh/config
with the following contents.
Host *
AddKeysToAgent yes
IgnoreUnknown UseKeychain
UseKeychain yes
ForwardAgent yes
ServerAliveInterval 180
ServerAliveCountMax 3
TCPKeepAlive yes
User <campusid>
CertificateFile ~/.ssh/id_<campusid>-cert.pub
IdentityFile ~/.ssh/id_<campusid>
Host arclogin
HostName arclogin.rs.gsu.edu
CertificateFile ~/.ssh/id_<campusid>-cert.pub
IdentityFile ~/.ssh/id_<campusid>
Configure SSH authentication agent
On Linux/Mac, the SSH authentication agent should be running by default. Run the following command to add the generated SSH key to the agent.
ssh-add ~/.ssh/id_<campusid>
On Windows, you need administrator privilege to enable the service. Open a PowerShell window as administrator and run the following command:
$ Set-Service -Name ssh-agent -StartupType Automatic -Status Running
Then you should be able to use the ssh-add
command above.
If you do not have administrator access to your machine, please contact the administrator with the above information.
Connect to the cluster login node
Run the following command to get connected to the cluster.
$ ssh arclogin
[<campusID>@arclogin ~]$
Head/login node vs compute/worker nodes
@arclogin
indicates that you are connected to the head/login node. On the login node you can submit jobs, interact with the cluster, edit files etc. But you should not run lengthy computations (more than a few seconds) on the login node itself.
For running computations, please allocate resources on a compute/worker node which are accessible from the head/login node:
[<campusID>@arclogin ~]$ srun -p qTRD -A <slurm_account_code> -v -n1 --mem=10g -t60 --pty /bin/bash
srun: defined options
srun: -------------------- --------------------
srun: account : <slurm_account_code>
srun: mem : 10G
srun: ntasks : 1
srun: partition : qTRD
srun: pty : set
srun: time : 01:00:00
srun: verbose : 1
srun: x11 : all
srun: -------------------- --------------------
srun: end of defined options
srun: Waiting for nodes to boot (delay looping 450 times @ 0.100000 secs x index)
srun: Nodes trendscn013.rs.gsu.edu are ready for job
srun: jobid 376466: nodes(1):trendscn013.rs.gsu.edu', cpu counts: 1(x1)
srun: CpuBindType=(null type)
srun: launching 376466.0 on host trendscn013.rs.gsu.edu, 1 tasks: 0
srun: route default plugin loaded
srun: Node trendscn013.rs.gsu.edu, 1 tasks started
[<campusID>@trendscn013 ~]$
The above command will allocate 1 CPU on one of the nodes under qTRD
queue and 10GB of RAM on the said node (trendscn013
in this case) for 60 minutes and start a bash
session. See this page for more information about the available queues.
arclogin.rs.gsu.edu does not work
if you have an issue with logging into arclogin.rs.gsu.edu, make sure you have all of the recommended flags in the
Host *
section of your config. Please do not use another ID for the login node, as this will bypass security and reliability behaviors implemented by IT.
Connect to the cluster using VNC
You can also connect to the cluster and GUI applications from https://hemera.rs.gsu.edu/.