Compute Canada

SSH/SFTP

Please note: The FAQ pages at the HPCVL website are continuously being revised. Some pages might pertain to an older configuration of the system. Please let us know if you encounter problems or inaccuracies, and we will correct the entries.

HPCVL requires all Users to log in using the HPCVL Portal in order to interact with the cluster. This is a short FAQ on using SSH and SFTP as methods of accessing HPCVL machines and transferring files. These protocols are meant as a "backup" alternative in case of problems.

What is a "secure shell"?

A secure shell (SSH) is a terminal program that encrypts the data that you send to and receive from a remote system. For the general private and academic user, the client software for SSH is free. It comes in many different "flavors" and is used similarly to "telnet".

At this point, HPCVL requires its users to use the HPCVL Portal for interactive login, to ensure that the data transfer is safe and that "eavesdropping" or "connection hijacking" is unlikely. HPCVL also requires that all file transfers are done using SCP within the Portal.

The server also runs an SSH daemon at protocol level SSH2, which supports SSH and SFTP. The latest version of the client software, and some slightly older versions, should be able to communicate with it.

Where can I get a "secure shell"?

Unix Systems (Linux, Solaris, AIX, Irix, HP-UX): Unix systems usually have an ssh client installed as a standard component of the Operating System (OS). If your system doesn't, we suggest you visit the OpenSSH web site. This is a relatively simple way to get one. Also, check out your favorite "free download site" for "OpenSSH"; you might find a precompiled executable.

Solaris: If you are using a SUN machine with Solaris, ssh/sftp is likely included with the OS. You can also get a pre-compiled version from http://sunfreeware.com/ or one of its mirrors.

Linux Systems: Most installations should include a choice of ssh/sftp packages.

Windows Systems: There are several SSH-based programs available. One of the more popular and easy to use Secure Telnet applications is "PuTTY". An excellent solution for individual non-commercial use is MobaXterm. It includes X-server software, so you do not have to install that separately, and graphical output from Unix systems is displayed properly on Windows systems.

How do I run a "secure shell"?

The following instructions are specific to the OpenSSH version of ssh. The command structure might differ slightly for other clients, such as the ones supplied with PuTTY.

The OpenSSH package comes with three client programs. These are:
->ssh (secure login shell, similar to telnet)
->scp (secure copy command, similar to remote cp)
->sftp (similar to standard ftp, presently not implemented on the server)

Use the ssh command to log in the same way as you would with a telnet session:
ssh -l user_name ip_address
where user_name is your username on the target machine (i.e. the SunFire), and ip_address is the four-number IP address of the target machine (e.g. 130.15.59.64 for sfnode0). After issuing this command, you will be prompted for your password.

For transferring files, you can use the scp command:
scp -o User=user_name local_file ip_address:target_file
where user_name is again the user name on the target machine, and ip_address is the IP address of the target machine. local_file and target_file are the names of the file copied, on your local machine and the remote target machine, respectively. Make sure you include the proper directory path for target_file.

sftp is an encrypted version of the ftp command. It is invoked similarly to the latter:
sftp username@ip_address
at which point it will prompt you for your password. You then receive an sftp> prompt. From then on you use the same commands as in an ftp session, i.e. dir, get, put, etc. Note that the commands bin, ascii, prompt are not used in sftp. If you need a reminder about available commands, you can type help at the sftp> command prompt. If you want to transfer many files, you might want to use the tar command to produce a single archive. The HPCVL Secure Portal also offers a GUI that makes moving multiple files easier.

What if something's not right?

The first time you log in with ssh, you might receive a message like:
The authenticity of host '130.15.59.64 (130.15.59.64)' can't be established. RSA1 key fingerprint is bla::bla::bla
If you want to continue, just answer the question with "yes". The message will not recur.

If for some reason your encryption key is not recognized anymore by the target machine, you will get an error message such as:
@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.

Before you contact the system administrator, you might want to move the file $HOME/.ssh/known_hosts to something else and try again. If you still can't get in, contact the system administrator.
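
An added example, not part of the original FAQ: before accepting a first-time host key, or replacing one that has changed, compare the key's fingerprint with one obtained from the system administrator over a separate channel. This Python code does that check against a known_hosts file. The key blobs and ADMIN_FP are constructed placeholders, not HPCVL's real host key, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern: str, host: str) -> bool:
    """Match a known_hosts host field: comma list or hashed |1|salt|hash (no wildcards)."""
    if pattern.startswith("|1|"):
        _, _, salt, mac = pattern.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in pattern.split(",")

def check_host(known_hosts: str, host: str, trusted_fp: str) -> str:
    """Return 'match', 'mismatch' or 'unknown' for host against trusted_fp."""
    result = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # skip blank lines, comments and @marker lines
        if host_matches(fields[0], host):
            if fingerprint(fields[2]) == trusted_fp:
                return "match"
            result = "mismatch"  # an entry exists, but for a different key
    return result

def sample_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 key blob for the demo (not a real host key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

OLD_KEY, NEW_KEY = sample_blob(b"old host key"), sample_blob(b"new host key")
# Constructed known_hosts content using the address from this FAQ.
KNOWN_HOSTS = f"130.15.59.64 ssh-ed25519 {OLD_KEY}\n"
# Placeholder for the fingerprint the administrator provides out of band.
ADMIN_FP = fingerprint(NEW_KEY)

if __name__ == "__main__":
    # The stored key differs from the administrator's: the entry is stale.
    print(check_host(KNOWN_HOSTS, "130.15.59.64", ADMIN_FP))
```

With OpenSSH itself, ssh-keygen -l -f $HOME/.ssh/known_hosts prints the stored fingerprints, and ssh-keygen -R 130.15.59.64 removes only that host's entry, leaving the other entries in place.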

Where can I get further help?

An excellent starting point to find information about ssh is the OpenSSH web site, which has many links, FAQs, and manual pages. All of these are OpenSSH specific, but they also cover all you need to know about ssh in general. Then there is the original SSH HomePage with info/rmation/mmercials about ssh and other security products.

If you want to know it all in detail, there is the O'Reilly "snail book". Manual pages exist on our systems (man ssh, or man sftp) that give you a somewhat hard-to-read introduction, but ssh -? will give you a list of options. Finally, you can contact our user-support staff.