SSH Connection Information
Compute1 Basic Command
ssh washukey@compute1-client-N.ris.wustl.edu
washukey is replaced by the user’s washukey.
N is replaced by 1, 2, 3, 4, or 5 as there are 5 login clients on Compute1.
Compute2 Basic Command
ssh washukey@c2-login-00N.ris.wustl.edu
washukey is replaced by the user’s washukey.
N is replaced by 1, 2, or 3 as there are 3 login clients on Compute2.
Private-Public Key Pair
SSH keys can be used to authenticate to the cluster. This is the recommended method and allows you to securely SSH to the compute client without entering a passphrase.
Generate key files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub on your Linux/Unix/MacOS system, using the command ssh-keygen:
> ssh-keygen -f ~/.ssh/id_rsa_compute
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/${compute_username}/.ssh/id_rsa_compute.
Your public key has been saved in /Users/${compute_username}/.ssh/id_rsa_compute.pub.
The key fingerprint is:
SHA256:P10QiInCIHPUMeIiiP/wtOQwW1D6eItQ75o3pDn+vKk ${compute_username}@macbook.local
The key's randomart image is:
+---[RSA 2048]----+
|o.=++. . o .. |
|o= ++.. o . . |
|= = . . |
|.+ = . |
|. * B S . |
| . /.o . . . |
| o+B o . |
| ++o. . |
| .E==o |
+----[SHA256]-----+
To avoid typing the passphrase for your key, use ssh-agent:
> eval `ssh-agent`
Agent pid 76698
Add your key to the agent:
> ssh-add ~/.ssh/id_rsa_compute
Enter passphrase for /Users/${compute_username}/.ssh/id_rsa_compute:
Now copy this SSH ID to the compute client:
> ssh-copy-id -i ~/.ssh/id_rsa_compute ${compute_username}@compute1-client-1.ris.wustl.edu
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/${compute_username}/.ssh/id_rsa_compute.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
${compute_username}@compute1-client-1.ris.wustl.edu's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '${compute_username}@compute1-client-1.ris.wustl.edu'"
and check to make sure that only the key(s) you wanted were added.
> ssh ${compute_username}@compute1-client-1.ris.wustl.edu
Last login: Mon Oct 28 11:32:02 2019 from 10.23.317.459
> whoami
${compute_username}
You are now able to securely SSH to the compute client without entering a passphrase.
SSH Multiplexing - Persistent Connection (Recommended for Compute2)
The following SSH connection setup uses the config file located on the user’s personal computer. This allows for a persistent connection for a specified amount of time, so that the 2FA required for Compute2 is only necessary once during the specified block of time.
This means that software like MobaXTerm and Visual Studio Code does not prompt the user for a 2FA push for every action.
The following should be added to a user’s config file in their .ssh folder on their personal computer.
This is a hidden folder, and users may need to make hidden folders visible in order to see it.
On Mac:
~/.ssh/config
On Windows:
C:\Users\<YourUsername>\.ssh\config
Host c2-login-001
    HostName c2-login-001.ris.wustl.edu
    ControlMaster auto
    ControlPath /tmp/ssh_mux_%h_%p_%r
    ControlPersist 8h
    User washukey

Host c2-login-002
    HostName c2-login-002.ris.wustl.edu
    ControlMaster auto
    ControlPath /tmp/ssh_mux_%h_%p_%r
    ControlPersist 8h
    User washukey

Host c2-login-003
    HostName c2-login-003.ris.wustl.edu
    ControlMaster auto
    ControlPath /tmp/ssh_mux_%h_%p_%r
    ControlPersist 8h
    User washukey
The Host can be named whatever the user would like. The defaults shown here identify the login host the user is connecting to.
washukey is replaced with the user’s WashU Key ID.
An entry in the file is needed for each login host.
To use one of these persistent connections, users can use the following command.
ssh c2-login-001
When connecting in this method, port forwarding will only work with the first connection attempt. Subsequent connection attempts involving port forwarding will fail.
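Added example (not part of the original page or of RIS's own tooling): for the ControlPersist period the control socket stands in for the 2FA-authenticated session, and ssh_config(5) recommends keeping ControlPath in a directory that other users cannot write to. The script below reports, for each Host block in a config file, whether the socket directory meets that recommendation; the function name, the c2-private entry and the ~/.ssh/mux path are hypothetical.

```shell
#!/bin/sh
# audit_mux_config FILE  (added example, not from the original page)
#   For every Host block that sets ControlPath, print "<host> <dir> <verdict>":
#     SHARED  - socket directory is writable by other users (e.g. /tmp)
#     PRIVATE - socket directory is not writable by other users
#     MISSING - socket directory does not exist yet
#   Returns 1 if any block is SHARED, otherwise 0.
# Assumes "Keyword value" lines with no spaces inside host names or paths.
audit_mux_config() {
    rc=0
    # ssh_config keywords are case-insensitive, so compare in lower case.
    pairs=$(awk '{ key = tolower($1) }
        key == "host"        { host = $2 }
        key == "controlpath" { print host, $2 }' "$1")
    while read -r host sock; do
        [ -n "$sock" ] || continue
        # Expand a leading "~/" to the home directory.
        case $sock in "~/"*) sock=$HOME/${sock#??} ;; esac
        dir=$(dirname "$sock")
        if [ ! -d "$dir" ]; then
            verdict=MISSING
        else
            # The ninth character of the mode string is the "other write" bit;
            # "$dir/." makes ls report the directory itself, not a symlink.
            case $(ls -ld "$dir/.") in
                ????????w*) verdict=SHARED; rc=1 ;;
                *)          verdict=PRIVATE ;;
            esac
        fi
        printf '%s %s %s\n' "$host" "$dir" "$verdict"
    done <<EOF
$pairs
EOF
    return "$rc"
}

# Constructed sample: the page's c2-login-001 ControlPath next to a
# hypothetical variant that keeps the socket under ~/.ssh/mux instead.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Host c2-login-001
    ControlMaster auto
    ControlPath /tmp/ssh_mux_%h_%p_%r
Host c2-private
    ControlMaster auto
    ControlPath ~/.ssh/mux/%C
EOF
audit_mux_config "$demo" || echo "at least one socket directory is shared"
rm -f "$demo"
```

To check whether a persistent connection is still open, run ssh -O check c2-login-001; to close it before ControlPersist expires, run ssh -O exit c2-login-001.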