Skip to content

SSH protocol

Secure Shell (SSH) is a cryptographic network protocol that enables secure remote access to a computer system or server over an insecure network. SSH provides a secure channel for data communication between two devices, ensuring that the transmitted data is protected from unauthorized access, tampering, or eavesdropping.

SSH is widely used for remote administration, secure file transfer, and other network services. The key advantages of using SSH include:

  • Encrypted communication: SSH encrypts all data transmitted between the client and server, ensuring confidentiality and integrity.
  • Strong authentication: SSH supports various authentication methods, including passwords, public key authentication, and Kerberos-based authentication.
  • Flexibility: SSH can be used with different network protocols and applications, making it highly adaptable to various use cases.

SSH in the context of HPC

In High Performance Computing (HPC) environments, researchers and engineers often need to access remote clusters and supercomputers to perform complex simulations, data processing, and analysis. Using SSH in HPC systems provides several benefits:

  • Security: HPC systems often handle sensitive research data, making security a top priority. SSH ensures that the data and access to the system remain secure.
  • Scalability: SSH allows users to manage and interact with multiple nodes in an HPC cluster, simplifying the process of deploying and controlling large-scale computing resources.
  • Remote Access: Users can work on HPC systems from anywhere with an internet connection, enhancing collaboration and productivity.

Linux

Most Linux distributions come with an SSH client pre-installed. The default SSH client is the OpenSSH client.

Establishing a SSH connection

Open a Terminal to establish a connection with the login node of any of out HPC systems:

$ ssh username@atlas-fdr.sw.ehu.es
$ ssh username@atlas-edr.sw.ehu.es

You will need to replace username with the username you were assigned.

Setting up SSH public key authentication

Public key authentication is a more secure alternative to password-based authentication. It involves the use of a public-private key pair for authentication. The public key is placed on the remote server, while the private key is kept securely on the user's local machine.

  • Create a pair of keys:
your_local_system $ ssh-keygen  
Generating public/private rsa key pair.  
Enter file in which to save the key (/home/your%local%user.ssh/id_rsa):   
Enter passphrase (empty for no passphrase):  
Enter same passphrase again:   
Your identification has been saved in /home/your%local%user/.ssh/id_rsa.  
Your public key has been saved in /home/your%local%user/.ssh/id_rsa.pub.  
The key fingerprint is:  
33:d0:fe:df:e4:e3:5d:d3:2f:59:18:2c:72:78:f2:fc  
The key's randomart image is:
  • Transfer the public key file to your ~/.ssh directory on the login node of any of out HPC systems:
ssh-copy-id username@atlas-fdr.sw.ehu.es
ssh-copy-id username@atlas-edr.sw.ehu.es

SSH tunneling

SSH tunneling, also known as SSH port forwarding, is a technique that allows you to create secure connections between local and remote applications or services through an SSH connection. This is useful for transmitting sensitive data or accessing restricted services securely over an insecure network.

Local port forwarding

Traffic from a local port is forwarded to a remote port on the server. This is useful for accessing remote services or applications that are not directly accessible from your local machine.

To set up local port forwarding, use the following command:

ssh -L local_port:remote_host:remote_port user@hostname

Remote port forwarding

Traffic from a remote port on the server is forwarded to a local port on your machine. This is useful for providing access to a local service to remote users through the SSH connection.

To set up remote port forwarding, use the following command:

ssh -R remote_port:local_host:local_port user@hostname

Dynamic port forwarding

A local SOCKS proxy is created, and traffic is forwarded to the remote server. This is useful for situations where multiple ports need to be forwarded or when the specific ports are not known in advance.

To set up dynamic port forwarding, use the following command:

ssh -D local_port user@hostname

macOS

macOS also comes with a command-line SSH client installed by default. The usage of this client is identical to the usage described in the previous section for GNU/Linux.

If you are using macOS and want to be able to run graphical applications on the clusters then you need to install the latest version of the XQuartz X Windows server.

Windows

Windows users can use the built-in OpenSSH client starting from Windows 10 build 1809 or later. To enable the OpenSSH client, follow these steps:

  • Open Settings and navigate to Apps > Optional Features.
  • Click Add a feature and search for OpenSSH Client.
  • Select Install.

Once installed, you can use the command prompt or PowerShell to connect to a remote server.

Alternatively, you can download and install third-party SSH clients like PuTTY or MobaXterm.