Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 51 Current »

Overview

UW ARCC has changed the way you authenticate to HPC. HPC resources are now accessible using a public/private ssh key combination and certain HPC resources (including MedicineBow HPC) are only accessible through SSH with your SSH key and certificate. This makes it possible for you to authenticate on our HPCs without always needing to enter your password and approving two-factor authentication.

The diagram below shows a user with 3 SSH keys and 2 devices.

  • Each key is associated with a person’s identity and is a key to access a HPC cluster resource. It can be thought of like a key on a user’s keychain.

  • This key can be generated a number of ways, then configured on the server/HPC and any device owned by the user from which they will use SSH to access the resource.

    • ARCC Key Management Application pre-configures the key on the server/HPC resource, so that all a user needs to do is get the key from the key management app, and then configure it on their end client(s).

    • Any devices configured with a specific key will be able to access the resource as Taylor when logged into the device as Taylor.

    • Users should not configure these keys on shared devices where other device users could access them.



Generating and Managing SSH Keys with SSH Key Manager

To set up access:

  1. First, log into the OnDemand resource for the HPC you want to set up SSH keys for.

    1. For MedicineBow, log in at https://medicinebow.arcc.uwyo.edu/. Step-by-step directions for logging into MedicineBow OnDemand are available here.

    2. For WildIris, log in at https://https://wiodm01.arcc.uwyo.edu/. Step-by-step directions for logging into WildIris OnDemand are available here.

    3. For Loren Password-Free SSH Authentication instructions are different from our other HPC resources, and may be found here.

  2. Once you’re logged in, you should be presented with the HPC Dashboard. Click the following icon to set up SSH key authentication:

  3. Each key is associated with your identity, therefore you do not need to create a new key for every client you use to ssh into the HPC.

    If you haven’t set up an SSH key previously, you should see an empty screen/list with the option to generate a new a key. Click that button if you need to set up a key.

    gennewkey.png

    Doing this will create a new set of files associated with your login to the HPC.

    If you’ve already created a key previously you don’t need another one. Skip this step and download a key you’ve already generated for your account as described in the next step.

  4. Click the download button associated with the key ID for your ssh key to download them to your client/computer.

    downloadkey.png

Please be careful with these files. Do not change their permissions, put them in an insecure digital location, or share them with others. They are your “virtual keys” to log in as yourself on the HPC. If provided to or shared with others, they will be able to log into that ARCC HPC resource as you

Device Configuration

The following steps should be performed on the machine from which you typically SSH into HPC and you should configure the key on any computer you ssh to the HPC from. Further directions for configuration then depend on your preferred SSH client from that machine.
Directions for Windows, MacOS, an Linux are available below. Expand the section associated with the operating system on your local computer from which you plan to ssh into the cluster.

Windows Specific Instructions

 Windows Instructions

  1. Assuming the files you downloaded from OnDemand were placed in your Downloads folder (C:/Users/<your_username_on_the_PC>/Downloads in this example), go into your downloads folder and look for a file named with your uwyo username, and unzip that by right clicking and choosing “Extract All”

    This should create a new folder with your username.

  2. Check for a .ssh folder associated with your computer account. This should be located at C:/Users/<your_username_on_the_PC>/.ssh. (If your data is set to store on another drive, you may have a different drive letter in your path).

  3. If you do not have an .ssh folder under your Windows username, go to your start menu and search for command prompt. It should come up as a best match:

  4. Once open, type in the following command into your command prompt: ssh-keygen
    then hit Enter/Return. This will generate a public/private rsa key pair (which we will be replacing) and create your .ssh folder with appropriate permissions structure.

  5. Copy the files from the extracted folder into your .ssh folder. You will be asked if it’s ok to replace the current files in the folder. Say ‘yes’ to confirm overwriting these files.

  6. Test your access with the new key files by opening a new command prompt window and ssh’ing to the HPC with the following command replacing <username> with your UWYO or ARCC HPC username and <clustername> with the HPC name: ssh <username>@<clustername>.arcc.uwyo.edu.
    (As an example: ssh cowboyjoe@beartooth.arcc.uwyo.edu)

  7. If the key is configured correctly, you will be logged into the cluster without having to enter your password or authenticate over 2 factor.

In the event you’re unable to log in with your SSH key, go to the Windows SSH Key Configuration page and check out our Troubleshooting section.

Mac Specific Instructions

 Mac Instructions

  1. Unzip the files associated with your login.

  2. Open your terminal (finder.pnggo.pngutilities.pngterminal.png or hit terminalkeys.png keys)

  3. Confirm you’re in your home directory by changing directories to your home with the following command: cd ~

  4. List the contents (including hidden items) of your home directory with the following command: ls -lah

  5. If you have a .ssh directory, it will be in this list. If you don’t have one, you will need to create one with: mkdir ~/.ssh

  6. Unzip the newly downloaded SSH keys to your .ssh folder: unzip ~/Downloads/<username>.zip -d ~/.ssh

  7. If your key has been configured properly, when you open a terminal and log into the cluster, you will be logged in automatically, and will not be prompted for a password (first factor), nor second factor authentication for login.

Linux Specific Instructions

 Linux Instructions

  1. Unzip the files associated with your login to your .ssh folder:

    unzip <username>.zip -d ~/.ssh/
  2. Test your configuration. If If configured properly, you will be logged in automatically, and will not be prompted for a password (first factor), nor second factor authentication for login.

Note: If you run into permissions errors on the key files (usually errors will take the form of something similar to: "permission 0### too open") we recommend running the following commands then reattempting to ssh using your key files.

chmod 0600 -R ~/.ssh              #sets appropriate permissions for the .ssh private keys 
ssh-add                           #configures ssh agent for certs when not natively supported

Links to Directions for specified clients and OS configurations:


Prior directions for Cyberduck on MacOS - Replace references to WildIris with MedicineBow or Beartooth.
Prior directions for MobaXTerm on Windows
Windows Subsystem Linux (pending)

  • No labels