Synopsis

Snellius runs a Unix-based operating system, which is text based. The main way to interact with these machines is therefore not through a graphical user interface, as is the case for Windows and MacOS operating systems, but through text-based commands entered in a terminal window.

In this section, you will learn how to connect to the HPC systems using SSH (Secure Shell Protocol), either via an SSH client (Windows) or via SSH in a terminal (MacOS and Linux). Then, we explain how you can log in to the systems without having to enter your password every time. Finally, you will learn how to transfer data between your own PC and the HPC systems.

If you have no experience with Unix or Linux, we suggest you read our Unix tutorial for HPC clusters. A more extensive tutorial can be found here. Note that some examples in the second tutorial (especially those about variables) are aimed at a different shell (csh) than the default shell used on Snellius (bash), meaning that commands are slightly different.

Connecting to Snellius

The connection to Snellius is made using the SSH protocol, which encrypts all the data and passwords that are exchanged between your own PC and the HPC system. The way to connect depends on the type of local system that you use.

In all cases you access Snellius through one of the login nodes. This is a set of publicly accessible nodes that you use as a stepping stone to work with the batch system and compute nodes.

No long-running processes on login nodes

The login nodes are primarily meant for preparing and submitting jobs, checking on the status of your running jobs, and copying data to and from the HPC systems. The login nodes are not meant for running compute jobs, or even testing compute jobs! Such processes would hinder the other users of the login nodes. To aid in keeping the login nodes usable for all users there is an automatic cleanup active on the login nodes that will kill processes that take up too much CPU time and/or too much memory.

Windows

First, you need to install an SSH client. The most convenient application is MobaXterm, as it also includes options for transferring files using an SFTP (SSH File Transfer Protocol) file browser and redirecting the graphical output from the HPC system to your local PC - we'll get to those options later. Alternatively, you can use PuTTY (a very basic SSH client) in combination with a separate FTP client like FileZilla and a separate X server application like Xming to redirect graphical output. If you want to redirect graphical output using PuTTY, you also need to check the option 'Enable X11 forwarding' under Windows => Category => Tunnels.

Here, we will assume that you use MobaXterm.

Start MobaXterm, go to Session => SSH and under 'Remote host' fill in

snellius.surf.nl


Fill in your username and click ok (leave the port at 22). Now, a terminal window will open.

When connecting to the system for the first time, SSH will ask you to verify the ED25519 or RSA key fingerprint. Then, you will be asked for your password. Note that you will not see anything as you type your password, but the terminal does in fact register your keystrokes. If you have forgotten your password, have a look here on how to reset it.

Apple

Open the 'Terminal' application (using the launchpad or in Finder from Application => Utilities => Terminal). In that terminal window, type

ssh <username>@snellius.surf.nl


When connecting to the system for the first time, SSH will ask you to verify the ED25519 or RSA key fingerprint. Then, you will be asked for your password. Note that you will not see anything as you type your password, but the terminal does in fact register your keystrokes.
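The fingerprint check at the first-connection prompt can be done by recomputing the fingerprint yourself and comparing it with a value obtained from a trusted source. The script below is an added example, not part of the original SURF documentation; the function names, the sample key line and the expected-fingerprint placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: recompute the SHA256 fingerprint of a host key and compare it
# with the fingerprint obtained from a trusted source.
# Real input would come from:  ssh-keyscan -t ed25519 snellius.surf.nl
# Constructed sample line in that format (NOT a real Snellius host key):
SAMPLE_LINE='snellius.surf.nl ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEV4YW1wbGVLZXlGb3JEb2N1bWVudGF0aW9uT25seSEh'

# Print "SHA256:" plus the unpadded base64 of SHA-256 over the decoded key
# blob, which is the form OpenSSH shows in the first-connection prompt.
host_key_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{ print $3 }')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    hex=$(printf '%s' "$blob" | base64 -d | sha256sum | cut -d ' ' -f 1)
    # sha256sum prints hex; turn each byte pair back into a raw byte.
    digest=$(printf '%s\n' "$hex" | fold -w 2 | while read -r byte; do
        printf "\\$(printf '%03o' "0x$byte")"
    done | base64 | tr -d '=\n')
    printf 'SHA256:%s\n' "$digest"
}

# Return 0 only when the presented key hashes to the expected fingerprint.
verify_host_key() {
    actual=$(host_key_fingerprint "$1") || return 2
    if [ "$actual" = "$2" ]; then
        echo "MATCH $actual"
    else
        echo "MISMATCH presented=$actual expected=$2" >&2
        return 1
    fi
}

# Demo: the second argument is a placeholder for the published fingerprint.
verify_host_key "$SAMPLE_LINE" 'SHA256:<fingerprint-from-trusted-source>' ||
    echo "fingerprints differ: answer 'no' at the prompt"
```

The key fetched by ssh-keyscan is itself unauthenticated, so the comparison is only meaningful when the expected fingerprint reached you through a separate trusted channel.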

To redirect any graphics output from the HPC system to your own system, you'll need an X-server like XQuartz. Download and install it. Then, log in to the HPC system using (note that X is capitalized):

ssh -X <username>@snellius.surf.nl


Now, if you open a graphical window on Snellius, it will display on the screen of your own PC. You can test this by executing the command

xeyes

on the HPC system, which should give you a window with two eyes following your mouse pointer. Note that you may need to enable 'Allow connections from clients' in XQuartz (under Preferences → Security) and set the local environment variable (export DISPLAY=:0).

Linux

Open a terminal window (for Ubuntu users: under Accessories - Terminal) and type

ssh <username>@snellius.surf.nl


If the ssh command cannot be found, you need to install the ssh-client. For Ubuntu users:

sudo apt-get install openssh-client

When connecting to the system for the first time, SSH will ask you to verify the ED25519 or RSA key fingerprint. Then, you will be asked for your password. Note that you will not see anything as you type your password, but the terminal does in fact register your keystrokes. To redirect any graphics output from Snellius to your own system, you'll need an X-server like XQuartz. Download and install it. Then, log in to the system using the same command as shown in the Apple section above (note that X is capitalized).


Password-less login

You can use an SSH key-pair for logging in to a system without using a password. You will only need to enter a passphrase once during the first session. To set this up, you need to

  1. Generate a key-pair on your local machine.
  2. Copy the public key to the SURFcua portal.
  3. Add the private key to the SSH agent, so you only need to enter your passphrase once per session.


Generate Keys manually (Linux, Mac, Windows + WSL)


Generate key pair

First, open a terminal window on your local machine and issue the following command

ssh-keygen -t ed25519

to generate a key-pair consisting of a private and a public key. You will be asked in which file you want to store the key; just press enter to use the default (that is, the private key will be stored in $HOME/.ssh/id_ed25519 and the public key in $HOME/.ssh/id_ed25519.pub). Then, you will be asked to choose a passphrase to keep the private key safe (the public key can safely be shared - in fact, you're meant to share it).

Copy the public key to SURF portal

To get the public key, type on your local machine 

cat ~/.ssh/id_ed25519.pub

The key starts with ssh-ed25519, then contains a long string of random characters, and ends with some identification of where it was created. Copy the whole key, i.e. starting with ssh-ed25519 and including the identification of where it was created. Now, log in on the SURF portal, go to 'Public ssh keys' and click 'add key'. Paste your public key in the SSH key field, and enter the password corresponding to your login in the CUA password field.

Add private key to local SSH agent

With the key in the SURF portal, the HPC system will authenticate you using the key-pair, rather than your password. However, now, your local PC will ask you for the passphrase every time you want to use the private key to authenticate. That doesn't help much - yet. To have password-less login, you have two options: either you don't enter a passphrase when generating the key-pair - not the safest solution - or you use the local SSH agent to store your passphrase for the duration of the login session on your workstation.

To add the key to the local SSH agent, open a new terminal on your local machine and type

ssh-add ~/.ssh/id_ed25519

If you get an error “Could not open a connection to your authentication agent”, you may need to start the ssh-agent first (using eval `ssh-agent -s` for a bash shell or eval `ssh-agent -c` for a c-shell).

Finally, to make your life even easier, you can add the key to the SSH agent automatically, by adding

Host *
    AddKeysToAgent yes

to the $HOME/.ssh/config file on your local machine.

Now, your local PC should only ask you for the passphrase once per session (i.e. until you logout of your local machine).

Generate key-pairs on the cluster

Key-pairs can also be used on the cluster itself, which allows you to ssh to different nodes without a password. Some programs also need this in order to work across multiple nodes. After you log in to the HPC system, use the

ssh-keygen -t ed25519

command to generate a key-pair. You will be asked in which file you want to store the key; just press enter to use the default. Then, you will be asked to choose a passphrase. Because some programs use the key-pair while connecting to other nodes, do not enter a passphrase here; keep it empty. After the generation is complete, change your working folder by typing

cd ~/.ssh/

Next we need to copy the public key, type

cat id_ed25519.pub

and copy the whole key, starting with ssh-ed25519 including the identification. Next we are going to add the public key to a file called authorized_keys. You can do this (for example using the text editor vi) by typing

vi authorized_keys

then paste the key. Please confirm you have the whole key pasted. Press escape and then type

:wq

and press enter. Note that you have to start with the colon (:) in the last command. You can check if authorized_keys saved correctly by typing

cat authorized_keys
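The same authorized_keys step can be done without pasting into an editor, which avoids truncated keys and wrong file permissions. The script below is an added example, not part of the original SURF documentation; the function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: append an ed25519 public key to authorized_keys safely.
# On the cluster:  install_pubkey ~/.ssh/id_ed25519.pub ~/.ssh
# Constructed sample public key (NOT a real key):
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEV4YW1wbGVLZXlGb3JEb2N1bWVudGF0aW9uT25seSEh user@snellius'

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    key=$(cat "$pub") || return 1

    # A complete ed25519 public key is one line: the type, a 68-character
    # base64 blob with a fixed 25-character prefix, and an optional comment.
    # A key cut short while copying fails this check.
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ] ||
       ! printf '%s\n' "$key" |
           grep -Eq '^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI[A-Za-z0-9+/]{43}( .*)?$'
    then
        echo "refusing: $pub is not a complete ed25519 public key" >&2
        return 1
    fi

    # sshd (StrictModes, on by default) ignores authorized_keys when the file
    # or its directory is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing when this exact line is already present.
    if grep -qxF "$key" "$auth"; then
        return 0
    fi
    # Keep the new key on its own line even if the file lacks a final newline.
    if [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory, so the real ~/.ssh is not touched.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_PUB" > "$demo_dir/id_ed25519.pub"
install_pubkey "$demo_dir/id_ed25519.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_ed25519.pub" "$demo_dir/.ssh"   # adds nothing
grep -c . "$demo_dir/.ssh/authorized_keys"                   # one key line
rm -rf "$demo_dir"
```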

Generate Key Pair with MobaXterm (Windows)

MobaXterm has a very easy way for setting up connections using SSH keys. This is explained in this HOWTO:

Creating an SSH key pair with MobaXterm in Windows