Skip to content

SSH

High-Performance Computing (HPC) clusters are typically accessed via a Command Line Interface (CLI). Remote access is the standard method for connecting to these clusters.

This is achieved using the Secure SHell (SSH) protocol. GNU/Linux and MacOS systems have built-in SSH tools. For Windows 11 users, OpenSSH can be installed, or you can use third-party software like MobaXterm, which offers a user-friendly interface for SSH connections.

Required Software

For Windows users, we recommend installing MobaXterm. Follow the steps below to download and install MobaXterm.

  1. Visit the MobaXterm Website

    Directly download MobaXterm from the official website.

  2. Select the Edition

    The free Home Edition is generally adequate, offering a choice between a Portable Edition and an Installer Edition.

    • If uncertain, opt for the Installer Edition for ease of use.

OpenSSH should be available by default on most Windows 11 installations. For Windows 10 or if manual installation is required, refer to the Microsoft documentation for further instructions.

Only install the "OpenSSH Client".

You'll only need to install the OpenSSH Client! Please do not install the "OpenSSH Server" unless you're sure it's needed.

GUI Applications/X11 Forwarding

For loading X11/GUI applications from the terminal, consider installing the following tool: VcXsrv

This will facilitate GUI applications and X11 forwarding on your system.

No extra software is needed. SSH is usually already installed.

Please refer to documentation of your Linux distro if this isn't the case.

You don't need to install anything extra. SSH is already set up and ready to use in the terminal.

Logging in

To access the TU/e HPC Umbrella cluster use SSH with the address hpc.tue.nl. Typically, this can be done by using: 

ssh username@hpc.tue.nl

If your TU/e username is s123123, enter the following command in your terminal:

ssh s123123@hpc.tue.nl

The majority of usernames are numeric, ranging from 0 to 9, although some may begin with an s for students.

Click here if you need detailed instructions on how to connect to the cluster

search:

  1. Launch MobaXterm:

    Open MobaXterm by double-clicking its icon on your desktop or finding it in your Start menu.

  2. Start a New SSH Session:

    To initiate a new SSH session, click on the Session icon in the top left corner of the MobaXterm window. In the session settings window, select SSH.

  3. Configure Your SSH Settings:

    In the SSH session configuration, fill in the following details:

    • Remote host: Enter hpc.tue.nl.
    • Specify username: Enter your SSH username, e.g., s133320.
    • Port: Leave this set to 22, the default SSH port.

    If you have a private key for authentication, check the box for Use private key and browse to the key file location, typically C:\Users\yourusername\.ssh\id_rsa.

  4. Save and Start the Session:

    Click OK to save the session settings and connect to the server. MobaXterm will attempt to establish a connection.

  5. Verify the Connection:

    On your first connection, you'll be prompted to verify the server's authenticity. You'll see a message like this:

    The server's host key is unknown. Do you trust this host key?

    Choose Yes to add the server's fingerprint to the known hosts, allowing future connections without prompts.

  6. Access the Server:

    After a successful connection, you will have access to the server's command line interface in the terminal tab that opens, where you can execute commands.

  7. Close the SSH Session:

    To disconnect from the server, simply close the terminal tab or exit MobaXterm. This action will end the SSH session.

  1. Open the Terminal:

    Open the Terminal by pressing Ctrl + Alt + T, or find it through your system’s application menu under System Tools or Accessories.

  2. Initiate an SSH Connection:

    Use the ssh command. The command format is as follows:

    ssh username@hpc.tue.nl

    For example, if your SSH username is s133320, the command would be:

    ssh s133320@hpc.tue.nl

  3. Verify the Connection:

    On your first connection, you'll be prompted to verify the server's authenticity. You'll see a message like this:

    The authenticity of host 'hpc.tue.nl (xx.xx.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:abcdefg...
Are you sure you want to continue connecting (yes/no/[fingerprint])?

    Type yes and press Enter. This action will add the server's fingerprint to your ~/.ssh/known_hosts file, allowing future connections without prompts.

  4. Access the Server:

    After a successful connection, you will have access to the server's command line interface, where you can execute commands.

  5. Close the SSH Session:

    To disconnect from the server, type exit and press Enter. This command will close the connection and return you to your local terminal session.

  1. Open the Terminal:

    Launch the Terminal by navigating to Applications > Utilities > Terminal, or use Spotlight Search (⌘ + Space) and type "Terminal," then hit Enter.

  2. Initiate an SSH Connection:

    Use the ssh command. The command format is as follows:

    ssh username@hpc.tue.nl

    For example, if your SSH username is s133320, the command would be:

    ssh s133320@hpc.tue.nl

  3. Verify the Connection:

    On your first connection, you'll be prompted to verify the server's authenticity. You'll see a message like this:

    The authenticity of host 'hpc.tue.nl (xx.xx.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:abcdefg...
Are you sure you want to continue connecting (yes/no/[fingerprint])?

    Type yes and press Enter. This action will add the server's fingerprint to your ~/.ssh/known_hosts file, allowing future connections without prompts.

  4. Access the Server:

    After a successful connection, you will have access to the server's command line interface, where you can execute commands.

  5. Close the SSH Session:

    To disconnect from the server, type exit and press Enter. This command will close the connection and return you to your local terminal session.

Server Key Fingerprints Overview for Verification

If you get a question about SSH key fingerprints from the server, you can verify them with the values below:

Key Length Fingerprint Hostname Key Type
256 SHA256:kdpFd6RFR0rQ+76L7d2WRYsaYqSxS7jDBj/PzMlHyzg hpc.tue.nl ECDSA
256 SHA256:a0EWqBadQrhOezlF5HuhCo/diEBMl1ElskZ4LpNci3c hpc.tue.nl ED25519
3072 SHA256:S2BgcB7EnIZGnDHqPe9kBm20r0p7amTSoARbXjkOLPE hpc.tue.nl RSA
1024 SHA256:vrd92GRLJ7TyjJHu8KmULfsYb6n4zMX7I7K7ICJRrHA hpc.tue.nl DSA (deprecated)

Passwordless Authentication

A critical aspect of SSH is its key-based authentication, which employs a pair of cryptographic keys: a public key and a private key.

Imagine you need to securely access a house, but instead of using a traditional lock and key, you're using a digital system. This is essentially how Secure Shell (SSH) operates—by ensuring secure communication between devices using a pair of cryptographic keys.

The public key acts like a lock that you install on the house (the server). It can be shared openly with anyone who needs to access the server securely. The private key, on the other hand, is your personal key that unlocks this lock, and it's crucial to keep it safe and secret.

In this analogy, servers are like houses, each one secured and waiting for your lock (your public key) to be added. Once your lock is in place, only your private key can grant you access. Consequently, this system ensures that your data and connections remain private and protected.

  • Server () — Represents the "house" you're accessing securely.
  • Public key () — The "lock" you install on the server ().
  • Private key () — Your personal key that unlocks the "lock".
Why Use Keys Instead of Password Authentication?

While password authentication is common, it has several drawbacks:

  1. Vulnerability to Brute Force Attacks: Passwords can be guessed through repeated attempts, especially if they are weak or reused across multiple accounts.
  2. Phishing Risks: Users can be tricked into revealing passwords through malicious websites or emails.
  3. Management Challenges: Strong, unique passwords are hard to remember, and storing them securely can be cumbersome.

Key-based authentication addresses these issues:

  • Stronger Security: Private keys are much longer and more complex than passwords, making them resistant to brute force attacks.
  • No Password Transmission: Since passwords are not transmitted over the network, phishing attacks are ineffective.
  • Convenience: Once set up, key-based authentication allows seamless access without repeatedly entering passwords.

You (as a user) are responsible for keeping your private key safe, as it serves as the personal key to unlock systems where your public key is accepted, including the TU/e network and systems. If compromised, your private key can allow unauthorized access, leading to data breaches and system abuse, with attackers potentially infiltrating sensitive research data or exploiting the network for further attacks. This not only jeopardizes your personal data but also threatens the integrity and security of the entire network and its systems. To prevent such risks, store your private key securely, use strong encryption, and monitor for unauthorized access.

Now that you understand the analogy, let’s set up your secure access and ensure your communications are protected.

Start Guide to SSH Key-Based Authentication