SSH

Overview

SSH is the secure shell.  It is the primary application used to access Rivanna from the command line.  For Windows, MobaXterm is our recommended ssh client; it also provides an SFTP client and an X11 server in one package.

Mac OSX and Linux users access the cluster from a terminal through OpenSSH, which are preinstalled on these operating systems.  Open a terminal (on OSX, the Terminal application) and type

ssh -Y mst3k@rivanna.hpc.virginia.edu

where mst3k should be replaced by your user ID.  You will generally need to use this format unless you set up your user account on your Mac or Linux system with your UVA id.  Mac users will need to install XQuartz in order to use graphical applications through a shell (the -Y option will permit this).

Passwordless SSH

Sometimes you will need to enable passwordless ssh.  We allow passwordless ssh to frontend nodes from UVA IP addresses.  

Windows

In MobaXterm, click the Tools icon or menu and select MobaKeyGen.  Keep it as RSA and leave the passphrase blank.  Save the public key under a name of your choice.  MobaXterm will display the public key.  Copy this key to your clipboard.  Continue as for "All Operating Systems."

Mac OSX and Linux

Open a terminal and type 

ssh-keygen

Accept all defaults.  When it asks for a passphrase, hit Enter to keep it blank.  Open the file id_rsa.pub and copy it to your clipboard.

All Operating Systems

Log in to Rivanna,

cd .ssh

Then using a text editor, open the file authorized_keys. Append the key you copied previously.  Use the middle mouse button to paste it into the authorized_keys file.  Be sure there are no line breaks in the key.

Command-Line Transfer (Mac and Linux)

scp ~/.ssh/id_rsa.pub mst3k@rivanna.hpc.virginia.edu:~/.ssh/mykey.pub

Log in to Rivanna through a terminal, then type

cat ~/.ssh/mykey.pub >> ~/.ssh/authorized_keys

Passwordless SSH Between Nodes

If you are permitted to use passwordless ssh between Rivanna compute nodes, such as for ANSYS, follow the instructions for Mac and Linux but generate the key directly on a Rivanna frontend.  Use the cat command to append the key to your authorized_keys file.

Troubleshooting

  1. When you log in to a new host, SSH will ask whether you wish to accept the host key.  You must answer yes explicitly in order to procede.
  2. When off Grounds, you must use the UVA Anywhere VPN client in order to connect to on-Grounds resources.  If you do not, your attempt to use ssh will hang with no messages.
  3. A relatively short period of inactivity may cause ssh connections to time out.   Mac OSX and Linux users can reduce this by setting a configuration value. At the terminal change to your ~/.ssh directory
    cd ~/.ssh

    Use a text editor to create a file called config.  Place the following lines in it

    Host *
       ServerAliveInterval 60

    There should be one or more spaces at the beginning of the second line.

    MobaXterm users should see the documentation for instructions to enable KeepAlive.

  4. When in doubt, you can obtain more information by running ssh with the -v (verbose) flag.
    ssh -v -Y mst3k@rivanna.hpc.virginia.edu
  5. A common error message from SSH is when a host key changes, such as after an upgrade.  This will appear as a message containing lines such as
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.

    MobaXterm will typically detect this and ask whether you want to change the host key; you may answer yes.  On Mac OSX or Linux, from a terminal go to your ~/.ssh directory and use a text editor to open the file known_hosts.  Remove all lines that might refer to Rivanna.  Alternatively, just delete the entire file; it will be recreated as you log in to different hosts.