Wiki DIFA

Strumenti Utente

Strumenti Sito

Ti trovi qui: start » oph » cluster » access
oph:cluster:access

Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

Link a questa pagina di confronto

Entrambe le parti precedenti la revisioneRevisione precedente
Prossima revisione		Revisione precedente
oph:cluster:access [2025/01/31 17:27] – [Step 1: Connecting to the cluster] diego.zuccato@unibo.itoph:cluster:access [2025/02/20 11:31] (versione attuale) – Rimosso ophfe3 dall'esempio di configurazione di ~/.ssh/config mario.petroli@unibo.it
Linea 33: Linea 33:
  
 There are **multiple independent Frontend Login Nodes:** There are **multiple independent Frontend Login Nodes:**
-  * ''137.204.165.41'' (ophfe1+  * ophfe1 (137.204.165.41) 
-  * ''137.204.165.42'' (ophfe2)+  * ophfe2 (137.204.165.42
 +  * ophfe3 (137.204.165.43**reserved -- VM for some special tasks**
  
-The **connection procedure** requires the use of the [[https://fisica-astronomia.unibo.it/it/dipartimento/servizi-tecnici-e-amministrativi/servizi-tecnici-informatici/servizi-informatici/servizio_bastion|Bastion's SSH host service]], that allows 'mediated' ssh access to resources on the department's network, avoiding direct external exposure of services and drastically improving network security. To connect from the terminal use the following syntax:+The **connection procedure** requires the use of the bastion, that allows 'mediated' ssh access to resources on the department's network, avoiding direct external exposure of services and drastically improving network security. To connect from the terminal use the following syntax:
  
   *** STAFF MEMBERS** with e.g. UniBo email address ''donald.duck7@unibo.it'' can connect to the cluster with the command:<code>   *** STAFF MEMBERS** with e.g. UniBo email address ''donald.duck7@unibo.it'' can connect to the cluster with the command:<code>
-  ssh -J donald.duck7@137.204.165.34 donald.duck7@137.204.165.41+  ssh -J donald.duck7@bastion-nav.difa.unibo.it donald.duck7@ophfe1
 </code> </code>
  
   *** STUDENTS** with e.g. UniBo email address ''mickey.mouse4@studio.unibo.it'' can connect to the cluster with the **same command**:<code>   *** STUDENTS** with e.g. UniBo email address ''mickey.mouse4@studio.unibo.it'' can connect to the cluster with the **same command**:<code>
-  ssh -J mickey.mouse4@137.204.165.34 mickey.mouse4@137.204.165.41+  ssh -J mickey.mouse4@bastion-nav.difa.unibo.it mickey.mouse4@ophfe1
 </code> </code>
 followed by their UniBo institutional password (twice). followed by their UniBo institutional password (twice).
  
-This will do a two-step connection, first to 137.204.165.34 which is the **bastion host**, then to the cluster frontend. To avoid specifying it every time, you can simply add the following lines to ''~/.ssh/config'':+This will do a two-step connection, first to bastion-nav.difa.unibo.it (137.204.165.34which is the **bastion host**, then to the specified cluster frontend. To avoid specifying it every time, you can simply add the following lines to ''~/.ssh/config'':
   Host bastion-nav   Host bastion-nav
-    Hostname 137.204.165.34+    Hostname bastion-nav.difa.unibo.it
     User     your.loginname     User     your.loginname
      
-  Host 137.204.165.41 137.204.165.42 137.204.165.43 +  Host ophfe1 ophfe2
     User      your.loginname     User      your.loginname
     ProxyJump bastion-nav     ProxyJump bastion-nav
  
-After having added such lines, you can simply use ''ssh 137.204.165.41'' as usual.+After having added such lines, you can simply use ''ssh ophfe1''.
  
 <WRAP round important 100%>For some users in PERSONALE their account does not match the mail address (so called "cambio UPN"). It's always possible to use: <WRAP round important 100%>For some users in PERSONALE their account does not match the mail address (so called "cambio UPN"). It's always possible to use:
-  ssh -l mail.address@unibo.it 137.204.165.41+  ssh -l mail.address@unibo.it ophfe1
 or even: or even:
-  ssh mail.address@unibo.it@137.204.165.41+  ssh mail.address@unibo.it@ophfe1
 </WRAP> </WRAP>
 'User' line in ''~/.ssh/config'' also accepts the mail address. 'User' line in ''~/.ssh/config'' also accepts the mail address.
  
 Graphic windows require a connection with X11 forwarding, which can be established with the ''ssh'' options ''-X'' and/or ''-Y'' (rarely needed, **might expose your client to attacks**:!:). In general, connecting with: Graphic windows require a connection with X11 forwarding, which can be established with the ''ssh'' options ''-X'' and/or ''-Y'' (rarely needed, **might expose your client to attacks**:!:). In general, connecting with:
-<WRAP center 40%>''ssh -X albert.einstein9@137.204.165.41''</WRAP>+<WRAP center 40%>''ssh -X albert.einstein9@ophfe1''</WRAP>
 is enough to use graphical tools. is enough to use graphical tools.
  
Linea 86: Linea 87:
   * **RSA**: NUJz6tcBoz+xxOroOUeQnqQrvH99RpmS5e9io/KwYm4   * **RSA**: NUJz6tcBoz+xxOroOUeQnqQrvH99RpmS5e9io/KwYm4
 then then
-  ssh-keygen -R 137.204.165.34+  ssh-keygen -R bastion-nav.difa.unibo.it
 to remove old fingerprint from your PC. to remove old fingerprint from your PC.
  
Linea 101: Linea 102:
 Now you can retry the ssh connection: it will tell you that it can't verify server's identity and show key hash. **Verify (again)** that the key hash is from the list above, and accept it (iif it matches). Now you can retry the ssh connection: it will tell you that it can't verify server's identity and show key hash. **Verify (again)** that the key hash is from the list above, and accept it (iif it matches).
 </WRAP> </WRAP>
- 
  
oph/cluster/access.1738344446.txt.gz · Ultima modifica: 2025/01/31 17:27 da diego.zuccato@unibo.it
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki