SSH Access 🔗

SSH (Secure Shell) is the main tool to connect to the PALMAII HPC cluster and ensures an encrypted connection to the system. SSH can be configured to allow for password and/or public key authentication. Public key authentication is the only method to connect to the system. It requires a so called SSH key pair comprised of two matching parts – a public and a private key. The public key is installed on the remote system. The private key remains on your local machine.

You have to create a key pair using your own SSH program (see how-to guides below) and upload the public key to our servers. This can be done in the IT Portal under:

Passwords and PINs → Public SSH keys

If you already uploaded a key in the IT Portal before (for other purposes) you don't need to upload another one.

If you want to access the cluster from different systems (workstation, mobile etc.), you can either copy your private key from one system to the other or create a different key pair on each system and upload all public keys.

How to create an SSH key pair (OpenSSH) 🔗

Linux/MacOS

Open a terminal on your local system and use the ssh-keygen command as shown below to create an ECDSA encrypted SSH key pair with a length of 384. During key generation you have to enter a password which protects your key. This should not be the same as your general University password!

ssh-keygen -t ecdsa -b 384 -f $HOME/.ssh/id_ecdsa_palma
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase): ******
Enter same passphrase again: ******
Your identification has been saved in /home/user/.ssh/id_ecdsa_palma
Your public key has been saved in /home/user/.ssh/id_ecdsa_palma.pub
The key fingerprint is:
SHA256:sp4YEyAhfGusItfVv9pJP+2/pztH2NKiQLduUBitW/8 user@host
The key's randomart image is:
+---[ECDSA 384]---+
|+ . |
|.o . . . |
|. = . . + |
| . + . . + + |
| o.... So = o + |
|o.. .. o = . = +|
|o. . . .= o = |
| = . o.o= o E|
| . o ..o..o+B+|
+----[SHA256]-----+

Here we created a private and public key pair called id_ecdsa_palma and id_ecdsa_palma.pub , respectively, which are saved to the folder /home/user/.ssh/.

After uploading the public key at the IT Portal, you can login on PALMA via the following command:

ssh -i ~/.ssh/id_ecdsa_palma username@palma-login.uni-muenster.de

Windows

OpenSSH (since Windows 10, April Update 2018) 🔗

Windows 10 supports a native SSH client. This client is only available if the optional feature OpenSSH Client is installed:

Open Settings App , select System then select Optional Features.
Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then find OpenSSH Client, then click Install

After this the ssh and ssh-keygen commands are available and can be used. To generate a private/public key pair, open the Command Prompt (cmd.exe) and follow these steps:

First create a new folder called .ssh

C:\Users\Username>mkdir .ssh

Then, use the ssh-keygen command as shown below to create an RSA 4096 bit encrypted SSH key pair. During key generation you have to enter a password which protects your key. This should not be the same as your general WWU password!

C:\Users\Username>ssh-keygen -t ecdsa -b 384 -f %HOMEPATH%\.ssh\id_ecdsa_palma
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase): ******
Enter same passphrase again: ******
Your identification has been saved in \Users\Username\.ssh\id_ecdsa_palma.
Your public key has been saved in \Users\Username\.ssh\id_ecdsa_palma.pub.
The key fingerprint is:
SHA256:Oea4evZy02zotPoy3bLUjzvu0S1tOWfbdi82cZKJr2s username@DESKTOP
The key's randomart image is:
+---[ECDSA 384]---+
|+ . |
|.o . . . |
|. = . . + |
| . + . . + + |
| o.... So = o + |
|o.. .. o = . = +|
|o. . . .= o = |
| = . o.o= o E|
| . o ..o..o+B+|
+----[SHA256]-----+

Here we created a private and public key pair called id_ecdsa_palma and id_ecdsa_palma.pub , respectively, which are saved to the folder **\Users\Username.ssh**.

After uploading the public key at the IT Portal, you can login on PALMA via the following command:

ssh -m hmac-sha2-512 -i %HOMEPATH%\.ssh\id_ecdsa_palma username@palma-login.uni-muenster.de

Accessing PALMA from outside the University (also applies for the UKM network) 🔗

PALMA is only reachable from the University network. From the outside, we recommend to use our SSH jumphosts to access PALMA. You can find the documentation on how to use the jumphosts here (German version): https://www.uni-muenster.de/IT/services/arbeitsplatz/jumphost/index.html and here (English version): https://www.uni-muenster.de/IT/en/services/arbeitsplatz/jumphost/index.html

An entry in your $HOME/.ssh/config could look like this (replace $USERNAME with your account name):

Linux/MacOS OpenSSH Config File

Host palma
 HostName palma-login.uni-muenster.de
 User $USERNAME
 IdentityFile ~/.ssh/id_ecdsa_palma
 ProxyJump jumphost

Host jumphost
 HostName sshjump.uni-muenster.de
 User $USERNAME
 IdentityFile ~/.ssh/id_ecdsa_palma

In Windows this file would be located at %HOMEPATH%.ssh\config. In the config file itself you cannot use the %HOMEPATH% environment variable. You have to replace it with the proper Windows path to your user directory. Note the addition of the "MACs" parameter here - this is important to set, if you are using Windows. The config file could look like this:

Windows OpenSSH Config File

Host palma
 HostName palma-login.uni-muenster.de
 User $USERNAME
 IdentityFile C:\Users\Username\.ssh\id_ecdsa_palma
 ProxyJump jumphost

Host jumphost
 HostName sshjump.uni-muenster.de
 User $USERNAME
    IdentityFile C:\Users\Username\.ssh\id_ecdsa_palma
    MACs hmac-sha2-512

Alternative Approach: VPN 🔗

You can also use a VPN connection from outside the University: https://www.uni-muenster.de/IT/services/kommunikation/vpn/index.html - then you do not have to use the SSH jumphost.

Detailed instructions for Windows GUI users 🔗

PuTTYgen

PuTTY & Pageant

WinSCP

MobaXterm