Newer
Older
Connecting via terminal works on every operating system. For Linux and Mac operating systems
no additional software is required. For users of a Windows OS a recent version of Windows is
required (Windows 10, Build 1809 and higher). It is possible to use
[Command Prompt](https://en.wikipedia.org/wiki/Cmd.exe) or [PowerShell](https://en.wikipedia.org/wiki/PowerShell)).
Ensure that [OpenSSH](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/factoryos/connect-using-ssh?view=windows-10)
is installed on the system.
SSH establishes secure connections using authentication and encryption. The login nodes accept
the following encryption algorithms: `aes128-ctr`, `aes192-ctr`, `aes256-ctr`,
`aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`, `chacha20-poly1305@openssh.com`,
`chacha20-poly1305@openssh.com`.
## Before Your First Connection
We suggest to create an SSH key pair before you work with the ZIH systems. This ensures high
connection security.
```console
marie@local$ mkdir -p ~/.ssh
marie@local$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
[...]
```
Type in a passphrase for the protection of your key. The passphrase should be **non-empty**.
Copy the **public key** to the ZIH system (Replace placeholder `marie` with your ZIH login):
marie@local$ ssh-copy-id -i ~/.ssh/id_ed25519.pub marie@login2.barnard.hpc.tu-dresden.de
The authenticity of host 'barnard.hpc.tu-dresden.de (141.30.73.104)' can't be established.
RSA key fingerprint is SHA256:HjpVeymTpk0rqoc8Yvyc8d9KXQ/p2K0R8TJ27aFnIL8.
Are you sure you want to continue connecting (yes/no)?
```
Compare the shown fingerprint with the [documented fingerprints](key_fingerprints.md). Make sure
they match. Then you can accept by typing `yes`.
!!! note "One `ssh-copy-id` command for all clusters"
Since your home directory, where the file `.ssh/authorized_keys` is stored, is available on all HPC
systems, this task is only required once and you can freely choose a target system for the
`ssh-copy-id` command. Afterwards, you can access all clusters with this key file.
??? info "ssh-copy-id is not available"
If `ssh-copy-id` is not available, you need to do additional steps:
```console
marie@local$ scp ~/.ssh/id_ed25519.pub marie@login2.barnard.hpc.tu-dresden.de:
The authenticity of host 'barnard.hpc.tu-dresden.de (141.30.73.104)' can't be established.
RSA key fingerprint is SHA256:Gn4n5IX9eEvkpOGrtZzs9T9yAfJUB200bgRchchiKAQ.
Are you sure you want to continue connecting (yes/no)?
```
After that, you need to manually copy the key to the right place:
```console
marie@local$ ssh marie@login2.barnard.hpc.tu-dresden.de
marie@login.barnard$ mkdir -p ~/.ssh
marie@login.barnard$ touch ~/.ssh/authorized_keys
marie@login.barnard$ cat id_ed25519.pub >> ~/.ssh/authorized_keys
```
### Configuring Default Parameters for SSH
After you have copied your key to the ZIH system, you should be able to connect using:
```console
marie@local$ ssh marie@login2.barnard.hpc.tu-dresden.de
```
However, you can make this more comfortable if you prepare an SSH configuration on your local
workstation. Navigate to the subdirectory `.ssh` in your home directory and open the file `config`
(`~/.ssh/config`) in your favorite editor. If it does not exist, create it. Put the following lines
in it (you can omit lines starting with `#`):
HostName login1.barnard.hpc.tu-dresden.de
#Put your ZIH-Login after keyword "User":
User marie
#Path to private key:
IdentityFile ~/.ssh/id_ed25519
#Don't try other keys if you have more:
IdentitiesOnly yes
#Enable X11 forwarding for graphical applications and compression. You don't need parameter -X and -C when invoking ssh then.
ForwardX11 yes
Compression yes
Host dataport
#For copying data without shell access
HostName dataport1.hpc.tu-dresden.de
#Put your ZIH-Login after keyword "User":
User marie
#Path to private key:
IdentityFile ~/.ssh/id_ed25519
#Don't try other keys if you have more:
IdentitiesOnly yes
```
Afterwards, you can connect to the ZIH system using:
```console
If you want to copy data from/to ZIH systems, please refer to the documentation
[Dataport Nodes: Transfer Data to/from ZIH's Filesystems](../data_transfer/dataport_nodes.md)
for more information on Dataport nodes.
In the above `.ssh/config` file, the HPC system `Barnard` is chosen as an example.
The very same settings can be made for individuall or all ZIH systems, e.g. `Alpha`, `Julia`,
`Romeo` etc.
## X11-Forwarding
If you plan to use an application with graphical user interface (GUI), you need to enable
X11-forwarding for the connection. If you use the SSH configuration described above, everything is
already prepared and you can simply use:
```console
```
If you have omitted the last two lines in the default configuration above, you need to add the
option `-X` or `-XC` to your SSH command. The `-C` enables compression which usually improves
usability in this case:
```console
```
!!! info
Also consider to use a [DCV session](desktop_cloud_visualization.md) for remote desktop
visualization at ZIH systems.