¶ Logging into the Cluster
¶ Things you need
- An active allocation in Elpis. Need Help with requesting an allocation?
- A SSH Keypair Need help with generating ssh keys?
- A Signed Public Key from Elpis Need help with key signing?
¶ Anyone Using Windows Needs to Run this Command
The OpenSSH Authentication Agent service is disabled by default on Windows. You will need to start the service to log in to the cluster.
Open a PowerShell window as an administrator (right-click the powershell icon and click Open As Administrator) and type the following command:Set-Service -Name ssh-agent -StartupType Automatic -Status RunningThis will start the service and set it to start up when you log into Windows.
If you do not have the access rights to perform this task, please open a ticket with IIT.
Close the administrator window when done.
¶ Terminal/Powershell Instructions
Locate your signed public key and private key. You will need to know either the directory path or cd into the directory containing your keys. To get into the default directory:
cd ~/.ssh
All of your keys need to be in the same directory, and have the following filenames. Make sure to replace username with your gsu-campusid.
Mac does not allow you to move or copy the original id_username and id_username.pub
id_username for your private key
id_username.pub for the public key
id_username-cert.pub for the signed certificate from elpis.
Once you have found your keys, use:
ssh-add ~/.ssh/id_username
If you are using a Mac, add the following flag to the ssh-add command so the agent persists between terminal sessions.
ssh-add --apple-use-keychain ~/.ssh/id_username
On Windows, press TAB before pressing enter to resolve the pathname to your home directory.
You should see the following output:
ssh-add ~\.ssh\id_username
Identity added: ~\.ssh\id_username (C:\Users\username\.ssh\id_username)
Certificate added: ~\.ssh\id_username-cert.pub (vault-clientrole-token-longstringofgibberishthathelpsrepresentyoursignedkey)
If you don't see certificate added make sure that you have the id_{username}-cert.pub in the same directory as the other two keys and try again.
If you see Error connecting to agent and you are using Windows then ensure that you followed the instructions at the top of the page.
¶ SSH Config File Entry
You can use a config file in the .ssh directory to store this information.
If ~/.ssh/config doesn't exist, you can create it with the following command:
Windows
New-Item ~/.ssh/config
Mac/Linux
touch ~/.ssh/config
Open ~/.ssh/config with a text editor and add the following entry to the file: username is the campusid
Host arclogin.rs.gsu.edu
User username
ForwardAgent yes
Mac users will need to add additional lines to put the keys in their keychain.
Host arclogin.rs.gsu.edu
User username
ForwardAgent yes
UseKeyChain yes
AddKeysToAgent yes
Then it is just ssh arclogin.rs.gsu.edu to log in to the system. It will ask for duo authentication once you run the command. You can choose any option 1 or 2 to login.
% ssh arclogin.rs.gsu.edu
Duo two-factor login for stimsina
Enter a passcode or select one of the following options:
1. Duo Push to XXX-XXX-5798
2. Phone call to XXX-XXX-5798
Passcode or option (1-2):
Download Putty 0.78
You MUST use version 0.78 or above to use OpenSSH Certificates.
Pageant does not remember it's previous state. You will need to re-add the .ppk file with certificate every time a new Pageant session is started.
- Open PuttyGen (included with PuTTY) and import your OpenSSH private key (.ssh/id_{username})
- Add the certificate via Key -> Add Certificate
- Save the key with certificate as id_{username}.ppk
- Open Pageant (included with putty). It will appear in your taskbar. You will need to repeat this step every time your computer restarts.
- Click add key and select the id_{username}.ppk we just created. You will need to repeat this step every time your computer restarts.
- In PuTTY, for HostName use arclogin.rs.gsu.edu port 22
6-putty.png - In Connection/Auth, check Allow Agent Forwarding
- In Connection/Auth/Credentials, add your private key .ppk file we created.
- Under Connection/Data, set the autologin username to your username.
- Click Connect
You will need Putty 0.78 in addition to MobaXTerm as MobaXTerm's native ssh agent does not support OpenSSH Certificates.
SCP File explorer does not currently function via arclogin.
Pageant does not remember it's previous state. You will need to re-add the .ppk file with certificate every time a new Pageant session is started.
- Open PuttyGen (included with PuTTY) and import your OpenSSH private key (.ssh/id_{username})
- Add the certificate via Key -> Add Certificate
- Save the key with certificate as id_{username}.ppk
- Open Pageant (included with putty). It will appear in your taskbar. You will need to repeat this step every time your computer restarts.
- Click add key and select the id_{username}.ppk we just created. You will need to repeat this step every time your computer restarts.
- Open MobaXTerm Settings -> Configuration and go to the SSH Tab.
- Disable "Enable graphical SSH-Browser", "Use internal SSH agent 'MobAgent'" and enable "Use external Pageant"
- Set Default login to your username.
- Click Session, SSH, and set remote host to arclogin.rs.gsu.edu, check specify username.
- Under Advanced SSH Settings, open Expert SSH Settings and enable Allow agent forwarding.
- Connect to the session.