The Secure SHell (SSH) protocol is used to securely access remote servers.
1 - Basic SSH
To login to SPORC (2018 Cluster):
$ ssh your_RIT_username@sporcsubmit.rc.rit.edu
To login to TIGRIS (2026 Cluster):
Details coming soon!
2 - SSH Keys
SSH also allows for login using a public and private key pair. The public key acts like a lock–anyone can see it–but only the holder of that corresponding private key and unlock it. When connecting to a remote server that has your public key, your identity is verified by checking if your private key (which only you should have) can unlock your public key. Keeping your private key secure is crucial, as anyone with access to your private key can impersonate you and access servers that have your public key.
In your Home Directory, you already have an SSH key. This was created when you first logged into a cluster. DO NOT modify or delete this SSH key or you will not be able to login to cluster nodes, and your jobs will not be able to run.
You are welcome to set up an SSH key on your laptop/desktop and use that key to login to the clusters. There are a variety of methods to do so, but please be aware:
- Never, ever, ever share your Private Key with anyone!
- When you create an SSH key…
- You will be prompted to create a passphrase for your SSH key. DO NOT leave it blank. Make sure you remember this passphrase, as you will need it each time you use your SSH key.
- You will be prompted for a filename/location to save your keys. Leave the default name and location. Changing these may cause problems.
- For Windows…
- Windows 11 or newer has the OpenSSH client installed by default.
- If you are using Windows 10 or older, you will need to install the OpenSSH client.
Recommended Tutorial: DigitalOcean
3 - Removing Offending Keys from the known_hosts File
After you connect to a remote machine, the key you used to connect is stored in the known_hosts file on your local machine. The purpose of this file is to verify the identity of the remote machines you are connecting to.
Occasionally, you might see an error like this when you try to connect using SSH:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.
This error will occur when the fingerprint the host has changed. Check with the administrator of that remote machine to make sure the change is expected. To remove the old fingerprint and login again, you can follow these instructions.
On Linux, Mac, and Window 10 (or Newer):
- Remove the key:
- Linux: Run
ssh-keygen -R <hostname> - Mac: Run
ssh-keygen -R <hostname> - Windows 10 (or Newer): Run
ssh-keygen -R <hostname>
- Linux: Run
- Login like you normally would and access the new fingerprint by typing
yesand pressing “Enter”.
4 - Additional Login Options
When logging into a remote server, you can use additional flags to enhance your SSH session:
ssh -X: Enables X11 forwarding, allowing you to run graphical applications over SSH.ssh -A: Enables authentication agent forwarding, allowing the remote server to use your local SSH keys; do not use this unless you know why you are using it.ssh -vvv: Provides verbose output, showing detailed information about the connection process; this may be using for debugging.