SSH (Secure Shell) is the main tool to connect to the PALMAII HPC cluster and ensures an encrypted connection to the system. SSH can be configured to allow for password and/or public key authentication. Public key authentication is the only method to connect to the system. It requires a so called SSH key pair comprised of two matching parts – a public and a private key. The public key is installed on the remote system. The private key remains on your local machine.

You have to create a key pair using your own SSH program (see how-to guides below) and upload the public key to our servers. This can be done in the IT Portal under:

Passwords and PINs → Public SSH keys

If you already uploaded a key in the IT Portal before (for other purposes) you don't need to upload another one.

If you want to access the cluster from different systems (workstation, mobile etc.), you can either copy your private key from one system to the other or create a different key pair on each system and upload all public keys.

How to create an SSH key pair

Linux/MacOS (OpenSSH)

Open a terminal on your local system and use the ssh-keygen command as shown below to create an RSA 4096 bit encrypted SSH key pair. During key generation you have to enter a password which protects your key. This should not be the same as your general WWU password!

$ ssh-keygen -t rsa -b 4096 -f $HOME/.ssh/id_rsa_palma
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): ********
Enter same passphrase again: ********
Your identification has been saved in /home/user/id_rsa_palma.
Your public key has been saved in /home/user/id_rsa_palma.pub.
The key fingerprint is:
SHA256:A/CBLktfNxTQYX7ui9rPoKBOKgiua8hu1XUa9cAcugP user@host
The key's randomart image is:
+---[RSA 4096]----+
|       .X+  ..=*o|
|      .* *o. .o..|
|   E..o B ..   ..|
|.. ....+ o     ..|
|*..  o  S .     .|
|=+  . .  .    ...|
|=    +   o   . ..|
|..  + . . = .    |
|  .. . .   +     |
+----[SHA256]-----+

Here we created a private and public key pair called id_rsa_palma and id_rsa_palma.pub, respectively, which are saved to the folder /home/user/.ssh/ .

After uploading the public key at the IT Portal, you can  login on PALMA via the following command:

ssh -i ~/.ssh/id_rsa_palma username@palma.uni-muenster.de


Windows

OpenSSH (since Windows 10, April Update 2018)

Windows 10 supports a native SSH client. This client is only available if  the optional feature OpenSSH Client is installed:

  • Open Settings, select Apps > Apps & Features, then select Optional Features.
  • Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then find OpenSSH Client, then click Install

After this the ssh and ssh-keygen commands are available and can be used. To generate a private/public key pair, open the Command Prompt (cmd.exe) and follow these steps:

First create a new folder called .ssh

C:\Users\Username>mkdir .ssh

Then, use the ssh-keygen command as shown below to create an RSA 4096 bit encrypted SSH key pair. During key generation you have to enter a password which protects your key. This should not be the same as your general WWU password!

C:\Users\Username>ssh-keygen -t rsa -b 4096 -f %homepath%\.ssh\id_rsa_palma
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in \Users\Username\.ssh\id_rsa_palma.
Your public key has been saved in \Users\Username\.ssh\id_rsa_palma.pub.
The key fingerprint is:
SHA256:Oea4evZy02zotPoy3bLUjzvu0S1tOWfbdi82cZKJr2s username@DESKTOP
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|                 |
|                 |
|         .       |
|        S    . o |
|       + .  ..=oo|
|      ...= ...o**|
|      *o*.* Eo=+B|
|    .+oXB* +BB.==|
+----[SHA256]-----+

Here we created a private and public key pair called id_rsa_palma and id_rsa_palma.pub, respectively, which are saved to the folder \Users\Username\.ssh\ .

After uploading the public key at the IT Portal, you can  login on PALMA via the following command:

ssh -i %homepath%\.ssh\id_rsa_palma username@palma.uni-muenster.de

PuTTY

Alternatively, SSH key pairs can be generated with the tool PuTTYgen:

  • Select: Type of key to generate: RSA (the default)
  • Fill in: Number of bits in a generated key: 4096
  • Press: Generate
  • Fill in: your key passphrase (do not leave this empty!)
  • Fill in: confirm your passphrase
  • Press: Save private key
  • Press: Save public key
  • Please remember the path name where you saved your SSH key files!
  • Upload your public key in the IT Portal under:

    Passwords and PINs → Public SSH keys

  • Create a connection in PuTTY. Enter the private key in Connection → SSH → Auth


PuTTY and related tools use a special key file format. If you also want to use the same private key just generated above for connecting with ssh (OpenSSH), rsync, or scp (as available in Cygwin, for example), you need to convert and to save the private key again under a different name or location ("Conversions" (main menu) → "Export OpenSSH key" ... "Save").

Accessing PALMA from outside the university

PALMA is currently reachable world-wide. Since this will probably change in the future for security reasons, we recommend to use our SSH jumphosts to access PALMA already now. You can find the documentation on how to use the jumphosts here (German version): https://www.uni-muenster.de/IT/services/arbeitsplatz/jumphost/index.html and here (English version): https://www.uni-muenster.de/IT/en/services/arbeitsplatz/jumphost/index.html

An entry in your $HOME/.ssh/config could look like (replace $USERNAME with your account name):

Host palma
        User $USERNAME
        HostName palma.uni-muenster.de
        IdentityFile ~/.ssh/id_rsa_palma
        ProxyJump $USERNAME@sshjump.uni-muenster.de


  • No labels