SSH

Secure Shell or SSH is a network protocol that provides confidentiality and integrity of data using a secure channel between two networked devices. You can enable and use SSH to secure communication between hosts and during job submission.

About SSH

SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections. SSH uses a client-server protocol.

SSH uses private/public key pairs to log into another host. Users no longer have to supply a password every time they log on to a remote host.

SSH is used when running any of the following:

  • Remote log on to a lightly loaded host (lslogin)

  • An interactive job (bsub -IS | -ISp | ISs)

  • An interactive X-window job (bsub -IX)

  • An externally submitted job that is interactive or X-window (esub)

Scope


Applicability

Details

Dependencies

  • OpenSSH is fully supported.

  • You must have SSH correctly installed on all machines requiring it.

  • You must generate public/private key pairs and add the content of the public key to the authorized_keys file on remote hosts. For more information, refer to your SSH documentation.

  • For X-window jobs, you must set the DISPLAY environment variable to X-serverHost:0.0, where X-serverHost is the name of the X-window server. Ensure the X-server can access itself. Run, for example, xhost +localhost.

Operating system

Any that also support OpenSSH.

Limitations

Private user keys must have no password set.


Configuration to enable SSH


Configuration file

Level

Syntax

Behavior

lsf.conf

System

LSF_LSLOGIN_SSH=Y | y

A user with SSH configured can log on to a remote host without providing a password.

All communication between local and remote hosts is encrypted.


Configuration to modify SSH

Not applicable.

SSH commands

Commands to monitor


Command

Behavior

netstat -an

Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.


Troubleshoot SSH

Use the SSH command on the job execution host to connect it securely with the job submission host.

If the host fails to connect, you can perform the following steps to troubleshoot.

  1. Check the SSH version on both hosts.

    If the hosts have different SSH versions, a message displays identifying a protocol version mismatch.

  2. Check that public and private key pairs are correctly configured.

    More information on configuring key pairs is here: http://sial.org/howto/openssh/publickey-auth/.

  3. Check the domain name.

    $ ssh –f –L 6000:localhost:6000 domain_name.example.com date

    $ ssh –f –L 6000:localhost:6000 domain_name date

    If these commands return errors, troubleshoot the domain name with the error information returned.

The exceution host should connect without password and pass phrases.

$ ssh sahpia03
$ ssh sahpia03.example.com