You are here: Home / My DKRZ / SSH

SSH

The Secure Shell (SSH) protocol is used to access all interactive nodes on Mistral.

Clients

SSH client programs are available for all major operating systems. We will focus here on openssh which ships with Linux, MacOS, and Windows 10. Other client programs will probably also work but cannot be tested and supported by DKRZ.

Access Mistral

Use the following command to access one of our login nodes

ssh <user-account>@mistral.dkrz.de

in which <user-account> must be replaced by your individual account.

Public Key Authentication

The default password authentication is neither comfortable nor very secure. In order to use public key authentication, you have to generate a key pair and upload the public key to DKRZ. The command for key generation is ssh-keygen. It supports different key types. We recommend ed25519 keys.

ssh-keygen -t ed25519

Please use a strong passphrase to secure your key. By default, this created two files named id_ed25519 and id_ed25519.pub.

ls ~/.ssh/
id_ed25519     id_ed25519.pub

The file ending with .pub has to be uploaded to luv.dkrz.de/pubkeys. First press "Add key"

 

The public key can be selected from a file by pressing the "Browse" button or pasted directly into the Key input field. After pressing "Register key", the key is uploaded to the server. In order to use it on mistral, you have to provide your LDAP password.

After that your key should be active and ready to use.

The key is valid for six weeks. After that you have to generate and upload a new one.

Managing Multiple SSH Keys

You may require multiple SSH keys for different computer centers. Reasons for this are added security and the fact that policies for key properties and lifetime may differ from site to site.

To prevent your SSH client from trying out all available keys, you should tell it exactly where to use which key. For this purpose you can create or edit the configuration file in ~/.ssh/config.

Host *.dkrz.de
        IdentityFile ~/.ssh/id_ed25519
        IdentitiesOnly yes

This tells ssh to use only the key ~/.ssh/id_ed25519 to log into any host at DKRZ.

Document Actions