How do I work remotely using SSH?
The RC servers and clusters are accessible without the need of the VPN by tunneling through Zelus (more on that below). This allows people with less stable connections to use the machines without having to be concerned about being booted every few minutes as their internet and the VPN fail to play nicely. Additionally, there are several tasks the RC machines are used for that are very well fitted to simply connecting via SSH instead of setting up the VPN.
If you haven't tried to connect with the VPN already (preferred method), refer to Remote VPN connection instead.
Getting Ready
Do I still need the VPN?
You do not need the VPN in any capacity to connect to RC machines. However, there will be an additional step to connecting: tunneling through Zelus to reach other RC servers and clusters (more on that next).
What is SSH? What is tunneling? What is a jump host?
SSH stands for Secure SHell, which means it is a secure connection to a server or cluster.
Tunneling, or jumping, is shorthand for SSH Tunneling, which is the act of connecting to a server or cluster.
A jump host is a machine can be jumped to, and which allows the user to jump to other hosts not publicly available (in this case, not without the VPN).
What needs to be installed on my computer?
If your computer uses Windows 10 or newer, it is highly recommended to install MobaXTerm - it is an application that provides a terminal window with a CLI that acts exactly like Linux and MacOS. Download for free from https://mobaxterm.mobatek.net/download.html
If your computer uses Linux or MacOS, nothing needs to be installed, just find and boot the "Terminal" application.
Remote SSH Connections
With the VPN: Connecting to any RC System
When using the VPN, it is possible to connect a local machine to a remote RC machine, such as Coeus, with an example below.
$ ssh sw23@login2.coeus.rc.pdx.edu
With or without the VPN: Using the Jump Host Zelus
However, without the VPN, there is an in-between step: tunneling through Zelus. When authenticating to Zelus using your Odin password, you will need to use Duo two factor authentication. More information on how to configure and use Duo can be found here . The below shows connecting from a local machine to Zelus to Coeus.
$ ssh sw23@rc.pdx.edu
<if using a password instead of an SSH key, you will need to respond to a Duo push notification here>
[sw23@zelus ~]$ # I am on Zelus now!
[sw23@zelus ~]$
[sw23@zelus ~]$ ssh sw23@login2.coeus
[sw23@login2 ~]$ # I am on Coeus' login node 2 now!
Zelus is the server rc.pdx.edu (or zelus.rc.pdx.edu), and it allows connection to the other RC machines through it. When already connected to Zelus, the rc.pdx.edu extension of the servers is implied, but can be left on.
Passwordless SSH
Passwordless SSH is where a server remembers a machine that has connected to it and does not need to ask the user for the password. It is the preferred method (more secure and faster) when connecting to RC Systems.
To get this set up, follow the instructions below.
Create a key
This will ask for a passphrase to use - hit the Enter key to leave it blank, and Enter again to confirm that it is blank.
$ ssh-keygen
Copy that key to a server
Here is the general format of this command.
$ ssh-copy-id { Odin Username }@{ Remote Host }
Here is an example.
$ ssh-copy-id sw23@rc.pdx.edu
Passwordless SSH is set up!
This local machine can connect to a remote machine without needing to enter a password. There is an example below that shows the lack of password dialog.
$ ssh sw23@rc.pdx.edu
[sw23@zelus ~]$
For ease of use, repeat this process on Zelus to all of the other used RC machines; however, you should not create a new key, just copy it to the other various systems.
X11 Forwarding: How to open windowed applications
What is a GUI? What is a CLI?
A GUI is a Graphical User Interface, and these are the various windows a computer can open, like a browser.
A CLI is a Command Line Interface, which is what the RC Linux machines use, where the interface is a text terminal without buttons or graphics.
What is X11 Forwarding?
To boot a GUI from the CLI, the connection needs to have X11 Forwarding enabled, which means it can forward GUIs through the connection.
Enable X11 Forwarding
Add the -X option to the ssh command, as illustrated below. If the computer uses MacOS, install XQuartz and leave it running while using the below.
$ ssh sw23@rc.pdx.edu -X
Testing X11 Forwarding
To verify that X11 Forwarding has the successfully configured, try the below - a little GUI clock should pop out as a window. If xclock is not installed, boot firefox.
$ ssh sw23@rc.pdx.edu -X
[sw23@zelus ~]$ xclock
If Zelus (rc.pdx.edu or zelus.rc.pdx.edu) is being used as a jump host, be sure to add -X to the Zelus connection and the destination host's connection. An example of this is shown below.
$ ssh sw23@rc.pdx.edu -X
[sw23@zelus ~]$ ssh sw23@login2.coeus -X
[sw23@login2 ~]$ xclock
Interactive Sessions with GUIs
There is some software that only really works with a GUI, such as RStudio. Here is a guide for the best way to utilize these on RC systems - this assumes the previous section, X11 Forwarding, has already been read.
Agamede, Circe, and Hecate
Agamede, Circe, and Hecate are very straighforward: log into those machines with X11 Forwarding enabled, load the module, and boot the GUI. There is an example of this below that tunnels through Zelus to Agamede.
$ ssh sw23@rc.pdx.edu -X
[sw23@zelus ~]$ ssh sw23@agamede -X
[sw23@agamede ~]$ module load General/rstudio/1.1.463
[sw23@agamede ~]$ rstudio
Coeus Cluster
Coeus is not as simple as Agamede, Circe, and Hecate. Instead of being a very powerful server, it is a cluster with login nodes. That means that login1 and login2 are not to be used for intensive work or GUIs. Instead, allocate a node and tunnel into it. There is an example of this on Coeus below which tunnels through Zelus to Coeus.
$ ssh sw23@rc.pdx.edu -X
[sw23@zelus ~]$ ssh sw23@login2.coeus -X
[sw23@login2 ~]$ salloc --partition=short
salloc: NOTICE: Interactive jobs are limited to 4 hours. Setting new runtime to 4 hours.
salloc: Granted job allocation 5795845
salloc: Nodes compute127 are ready for job
[sw23@login2 ~]$ ssh sw23@compute127 -X
[sw23@compute127 ~]$ module load General/rstudio/1.1.463
[sw23@compute127 ~]$ module load R/3.6.1/gcc7.2.0
[sw23@compute127 ~]$ rstudio
# . . . Do some work
[sw23@compute128 ~]$ exit
logout
Connection to compute127 closed.
[sw23@login2 ~]$ exit
exit
salloc: Relinquishing job allocation 5413330
[sw23@login2 ~]$ exit
logout
Connection to login2.coeus closed.
[sw23@zelus ~]$ exit
logout
Connection to rc.pdx.edu closed.
When allocating a partition, short would be ideal; alternatively, medium would work as well.
Again, be sure to use the exit command to close connections - this will automatically unallocate the compute node and close the connections for you.
Zelus (rc.pdx.edu)
Do not use Zelus for anything besides jumping through to get around the VPN.
Addendum: Port Forwarding
Some software may require port forwarding to work properly; however, this requirement is very infrequent on the RC systems' various software installations.
How is port forwarding used?
Port forwarding is used to connect something on one machine to another and have it act like its on the first machine.
Case Study: Jupyter Notebook Servers
Jupyter Notebooks are programs that are ran on a local machine to view and edit files, and write Notebooks. To use a Juptyer Notebook on a remote machine, it is necessary to port forward the remote output browser port to the local browser. This process is illustrated in several steps. Note that this process has been automated for Jupyter Notebooks with the boot_jupyter_servers.sh script (more on that here).
This example illustrates port forwarding from Coeus, through Zelus, to the local machine.
Determine a port
First, an available port on the remote machine must be selected. To do that, use the command below, which will print an available port for use.
[sw23@login2 ~]$ shuf -i8000-9999 -n1
8591
Build the SSH commands and forward the port
Next, plug the port information into the SSH command below to connect and forward the port from the local machine to Zelus.
$ ssh -L 8591:localhost:8591 sw23@rc.pdx.edu
[sw23@zelus ~]$
Once the port is being forwarded from Zelus to the local machine, use the below SSH command to forward the port from Coeus' login2 node to Zelus, as shown below.
[sw23@zelus ~]$ ssh -L 8591:login2:8591 sw23@login2.coeus.rc.pdx.edu
[sw23@login2 ~]$
Note: To port forward a compute node, allocate a node and replace login2 is in the left argument with that node's name.
The port forwarding is now configured from the local machine through Zelus and to Coeus' login2 node.
Start the Notebook and connect via a local browser
To start a Jupyter Notebook server, a Python module with the Jupyter package must be loaded.
[sw23@login2 ~]$ module load Python/gcc/3.7.5/gcc-6.3.0
Next, start the Notebook, specifying both the port and the node it runs on, as well as telling it not to open a browser on Coeus (since it is being forwarded to the local machine's browser). The rest of the below is all dialog from the Notebook server.
[sw23@login2 ~]$ jupyter-notebook --port=8591 --ip=login2 --no-browser
[I 14:14:04.601 NotebookApp] Serving notebooks from local directory: /home/sw23
[I 14:14:04.601 NotebookApp] The Jupyter Notebook is running at:
[I 14:14:04.602 NotebookApp] http://login2:8591/?token={ Redacted for security purposes. }
[I 14:14:04.602 NotebookApp] or http://127.0.0.1:8591/?token={ Redacted for security purposes. }
[I 14:14:04.602 NotebookApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).
[C 14:14:04.613 NotebookApp]
To access the notebook, open this file in a browser:
file:///home/sw23/.local/share/jupyter/runtime/nbserver-8567-open.html
Or copy and paste one of these URLs:
http://login2:8591/?token={ Redacted for security purposes. }
or http://127.0.0.1:8591/?token={ Redacted for security purposes. }
Open the link at the very bottom of the dialog and it will have the Notebook running on Coeus' login2 node appear in the local machine's browser.