SSH: Difference between revisions

Secure Shell (SSH) is a widely-used standard to connect to remote servers in a secure way. The entire SSH connection is encrypted - especially the login credentials (username and password). SSH is the normal way for Compute Canada users to connect in order to execute commands, submit jobs, follow the progress of these jobs and in some cases, transfer files.

Various implementations of the SSH standard exist for most major operating systems.

• On OS X (Apple) and Linux the most widely used client is OpenSSH, a command line application installed by default on these platforms.
• For Windows, individuals have to install an SSH client on their own: options include PuTTY, MobaXTerm, and Bitvise.

To use any of these implementations of SSH successfully, you need to know (1) the name of the machine to which you want to connect, (2) your userid and (3) your password.

The machine name will be something like cedar.computecanada.ca or niagara.computecanada.ca.

Your userid is your Compute Canada default account, typically something like jsmith, and the password is the same one you use to log in to the Compute Canada database, ccdb.computecanada.ca. The userid is not your CCI, like abc-123, nor a CCRI like abc-123-01, nor your email address.

When using Linux or MacOS, you will need to open a terminal, for example /Applications/Utilities/Terminal.app for Apple hardware, and then use the command shown below:

[name@server ~]$ ssh -Y userid@machine_name

The option -Y forwards X11 traffic which allows you to use graphical applications on the remote server such as certain text editors. Note that to use graphical applications you also need to have an X11 server installed on your workstation. Under Linux an X11 server will normally already be installed, but users of OS X will typically need to install an external package such as such XQuartz. Under windows, MobaXterm comes with an X11 server, while for PuTTY users, there is Xming (download installer and extra fonts). The first time that you connect to a remote server you'll be asked to store a copy locally of its "host key", a unique identifier that allows the ssh client to verify, when connecting next time, that this is the same server.

Note that when connecting via SSH to a Compute Canada cluster you will be randomly assigned to one of several distinct login nodes used for the cluster to balance the connection load, so that you may well land on a different login node from one connection to another, e.g. cedar1, cedar5, gra-login4 or gra-login2. If you use a program like screen to manage your login sessions, you will need to make sure that you are on the same login node to open an older session, by making an SSH connection to the appropriate login node from whichever one you initially landed on. If for example I was assigned gra-login4 when I typed ssh userid@graham.computecanada.ca but I want to be on gra-login2, I can simply type ssh gra-login2 from gra-login4 to get there.

The use of Windows-based SSH clients and the more advanced topic of key pair generation are discussed in the pages below:

• Connecting with MobaXTerm
• Connecting with PuTTY
• SSH Keys
• Generating SSH keys in Windows
• Using SSH keys in Linux
• SSH tunnelling