(Open)SSH configuration for Farm and QCD clusters
This page is a preview of the above content, for the full web page follow the link above.
A security mandate now requires that you first SSH to a log-in gateway before logging in to an ifarm or qcdi host, regardless of whether you are starting on the on-site network or not (satisfying the two-factor authentication requirement without requiring it on ifarm/qcdi themselves). You can automate that step, allowing you to "directly" ssh (but also ssh -X, scp, sftp, and rsync-over-SSH!) by configuring the ~/.ssh/config (creating the file, if necessary) on the host you are SSHing from (typically your laptop or desktop) with a ProxyJump, e.g.
Re-using connections
To reduce the number of times you need to enter your password or perform two-factor authentication, you can add ControlMaster
configuration (if you already have a Match host *.jlab.org.
you can append the Control
... lines to that stanza, or just have multiple Match host *.jlab.org.
stanzas).
See man page ssh_config(5)
(ideally on the host you're SSHing from, but also available online) for more information about these directives.
Restarting a shared connection
You can have a problem, for example with X-forwarding, if you need different options for a connection but you're re-using an old one.
Microsoft Windows
I have also written up instructions for PuTTY. For Windows-native OpenSSH, the configuration file is placed under %userprofile%
instead of ~
(e.g. C:/Users/lsh/.ssh/config
-- create the .ssh
directory if it doesn't already exist), and you will need to omit both
- both
exec
checks (which, unlike the rest of the line before them, do not apply on Windows), as well as - the connection-reuse/sharing (
ControlMaster
) configuration (which is unsupported)
Visual Studio (VS) Code (using Microsoft's "Remote - SSH" extension)
As a prerequisite, make sure the OpenSSH configuration is working from the command prompt (whether that's Windows' cmd.exe
, Linux/macOS' /bin/sh
, or some other shell) as shown above. Enable Remote.SSH: Remote Server Listen On Socket in your VSCode User Settings. When you select Remote-SSH: Connect to Host... from the Command Palette, you should see the hosts configured in your .ssh/config
already listed.