-
Notifications
You must be signed in to change notification settings - Fork 0
/
access-and-development-on-dardel-and-HPC.qmd
103 lines (63 loc) · 4.3 KB
/
access-and-development-on-dardel-and-HPC.qmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# Setting up an ssh key pair for Dardel login
**See [here](https://www.pdc.kth.se/support/documents/login/ssh_keys.html) and [here](https://www.pdc.kth.se/support/documents/login/ssh_login.html) for detailed instructions**
**Note that each IP address you log in from will require a separate key set up. If you regularly change IP address, consider setting up Kerberos authentication instead.**
## Basic set up:
### Create a new public/private key pair & give it a useful name
`ssh-keygen -t ed25519 -f ~/.ssh/id-ed25519-dardel`
### Upload the **public** key (.pub extension) to PDC [here](https://loginportal.pdc.kth.se)
### To login:
`ssh -i ~/.ssh/id-ed25519-dardel <MY_USERNAME>@dardel.pdc.kth.se`
- Basic ssh/scp functionality should now be possible by specifying the private key in your `ssh` command
## Further customisation:
### Avoid typing the key path and user@hostname each time you ssh into a specific server
`nano ~/.ssh/config`
- Once inside the file, type out the following config information, replacing the placeholders with your own details:
```
Host dardel
Hostname dardel.pdc.kth.se
User MY_USERNAME
IdentityFile ~/.ssh/id-ed25519-dardel
```
- This associates the server hostname, your username, and your private ssh key with the phrase `dardel`
- You can now just type `ssh dardel` to use those credentials
- Save as many of these custom credential sets as you need in the same config file (e.g. for different clusters/servers)
### Connect using one SSH key from different IP addresses
- Dardel limits access from SSH keys to specific approved IPs. You can add approved IP addresses or domains to a registered SSH key [here](https://loginportal.pdc.kth.se).
- Login so you can see the registered keys, click `add address`, and add an IP or domain.
### Avoid typing your password each time (works for the existing session, or can be added to `~/.bashrc`):
`eval $(ssh-agent)`
`ssh-add ~/.ssh/id-ed25519-dardel`
## Other notes
- PDC wants you to upload the public key to Dardel via SUPR authentication, but other servers are often less strict
- For these, you can upload your public key from the command line:
`ssh-copy-id -i ~/.ssh/id-ed25519-rackham.pub <MY_USERNAME>@rackham.uppmax.se`
- Or do it manually from within the remote server:
```
nano ~/.ssh/authorized_keys
# Paste the contents of the public key file, exit both server and local client, reboot, and log in
```
# Remote development on a cluster using VSCode
- You can `ssh` into a remote server via a terminal in VSCode, however you lose the 'VSCode experience'
- To connect and keep this more complete IDE interface:
- Install the VSCode `Remote - SSH` extension
- Set up the configuration offered when running `Remote-SSH: Connect to Host...`
- If you're working on WSL2 within a Microsoft installation of VSCode, the extension will run 'locally', i.e. on the Microsoft side of the system, therefore:
1. Save the ssh config file on the Microsoft side of the system, e.g.: `C:\Users\myuser\.ssh\config`
2. Copy your public and private keys from the WSL2 side to the Microsoft side, also to the `.ssh` directory
3. Edit the config file to ensure the path to the private key is in Microsoft format, e.g.:
```
Host dardel
HostName dardel.pdc.kth.se
User MY_USERNAME
IdentityFile C:\Users\myuser\.ssh\id-ed25519-dardel
```
# Thinlinc connection for graphical applications/browser access
- [Download Thinlinc](https://www.cendio.com/thinlinc/download) (if working in WSL2, it doesn't matter which side you install it on - but you'll need to have your ssh keys on the same side as Thinlinc)
- [Install it](https://www.cendio.com/resources/docs/tag-devel/html/client_linux.html), e.g.: `sudo dpkg -i thinlinc-client_4.16.0-3389_amd64.deb`
- Add the location of the `tlclient` binary to your `PATH` & `~/.bashrc`, e.g.: `export PATH=$PATH:/opt/thinlinc/bin`
- Run `tlclient` and add a new connection with the server hostname `dardel-vnc.pdc.kth.se` & your username
- Click Options > Security > Public key (under Authentication method)
- Click OK, then enter the path to your private key (e.g. `~/.ssh/id-ed25519-dardel`)
- Click connect - you should now be in!
- Optionally, you could also make an alias in your `~/.bashrc` for the `tlclient` command, e.g.: `alias thinlinc='tlclient'`