SSH stands for secure shell. It is a protocol that allows you to connect remotely to our HPC login nodes and interact with our services via the command-line. It is the primary way that most people use our services.
If you are unfamiliar with SSH and have some time, you might want to check out this LinkedIn Learning overview series.
Commonly accessed servers#
SSH from Windows, Mac, or Linux#
All modern operating systems (Mac, Windows, Linux) allow you to use SSH directly from the command-line. Locate and run the
Terminal (Mac/Linux) or Command Line (Windows) application, and use the syntax above to connect to our systems. To
Using graphical programs with SSH#
For anything besides trivial graphical usage, we recommend using Open OnDemand, our web-based portal to the HPC.
Graphical SSH from Linux#
To invoke a graphical SSH connection from a Linux workstation, add the
-Y option to the SSH command:
Graphical SSH from Mac#
To invoke a graphical SSH connection from a Mac workstation, you will need to start the XQuartz app (bundled with recent versions of OSX). Then, open the Terminal app, and use the same syntax as connecting from Linux:
Graphical SSH from Windows#
Although basic SSH functionality is supported out-of-the-box in modern versions of Windows (v10 or newer), if you want to use interactive programs with a graphical user interface over SSH on Windows, we recommend MobaXTerm.
MobaXTerm is a simple but powerful SSH client for Windows that includes graphical support. It comes in both free and paid editions. The software features a built-in X11 Windows server which is required for using graphical applications on the HPC. A detailed demonstration for how to use MobaXTerm is available on the vendor's website.
Using SSH keys#
By default, when connecting via SSH to our resources, you use your RCC password to login. However, there is a more secure and potentially more convenient way to login. To use SSH keys, you must create a keypair, which consists of two files, a private key and a public key. You then upload the public key to our servers to identify yourself, and the private key which you keep on your computer.
Never share your private SSH key with anyone, including RCC staff.
Setting up a keypair#
If you are using Windows, you will need to use Windows Powershell to complete the following steps.
If you have MobaXTerm installed, you can use this procedure to setup a keypair.
Before using SSH keys, you must generate a keypair. You can do this by opening up the Terminal (Mac/Linux) or Powershell App (Windows) and the typing the following command:
Once you type this command, you will see a message similar to the following:
You can now press Enter to continue. Then, you will see:
You may enter a prassphrase, but this is optional. If you enter a passphrase, you will be required to enter it before using your private key to connect to the server. This is not the same as password authentication; the passphrase is used to unlock your private key, and it is never transferred across the network. The benefit to using a passphrase is that it protects your private key in case anybody ever gets access to the file.
Once you complete these steps, you should see something similar to the following:
This creates two files on your computer: a public key (stored in
~/.ssh/id_rsa.pub) and a private key (
Copying your public key to the server#
Once you have created a keypair, you will now need to copy your public key to the RCC server. The following command reads your public key into memory and transfers it over SSH to the correct location in your home directory.
You will be prompted for your RCC user account password when you run this command. Once you complete this command, however, you should be able to login to the server using your key instead of a password. Try it:
If you specified a passphrase, you may be prompted for that. If you did not, you should be automatically logged in.
By the way...
Because most of our public-facing systems use a shared filesystem, you will be able to use your private key to connect to most RCC systems (HPC, parallel storage, archival storage).
Server Signature reference#
The first time that you connect to our systems, your client will ask you to confirm the host key. This is a security measure to prevent man-in-the-middle attacks. All of our public-facing systems expose the same RSA, DSA, and ECDSA keys. You can check the host key against the reference below to ensure that you are connecting to one of our servers:
The most common connection problem is for off-campus access. For security reasons, you must use the FSU VPN to connect to any of our systems from off-campus. See our documentation for how to use the VPN.
Changed Host Keys#
Very occasionally, we change the SSH keys for our systems. In the past, this occurred fairly often, but in August 2016, we implemented consistent server signatures.
When this happens, you will see a message similar to the following:
You will need to do the following:
- remove and re-add the identification key, and
- verify that you are actually connecting to the correct host.
Remove and re-add the identification key#
You will need to manually remove the host key on the client before you attempt to reconnect. Take note of the following line in the warning output in the message above:
Open the known_hosts file in your favorite text editor (hint: it's a hidden file), and remove the "offending" line. In this example,
you would open
/home/USER/.ssh/known_hosts and delete line 19.
Ensure that you are actually connecting to the correct host.#
When you attempt to reconnect, you should see a message similar to the following:
BEFORE you approve the request to connect, ensure the host key shown in the message matches one of our published server keys in the above Server Signature Reference section of this document.
If it does not, please abort the connection attempt (Ctrl + C on most systems), and contact RCC support.