Remote access

Remote access #

You can access the cluster with SSH directly from local network at INM RAS or via VPN.

Remote access for users outside INM RAS local network is allowed through SSH public key authentication.

Remote SSH access #

Please, use IP address 10.149.206.244 for SSH connections from VPN and local network at INM RAS.

Server key hashes #

At first login you will be prompted to verify server key hash. Please, verify it.

ED25519 key #

SHA256 hash: SHA256:y3QgGPLczyYQigjShmei8tfiiswiBpMWF2zDNwiDFtU
MD5 hash: MD5:42:c2:ff:ea:c5:71:5f:e3:69:ec:e8:2f:bf:3c:83:8c

ECDSA key #

SHA256 hash: SHA256:tgtkcLCU9r2+tOVnYYJs3KEJpB4mINFXTI9UYGEDJg8
MD5 hash: MD5:ed:f1:72:a4:23:4c:a1:f7:51:12:98:69:e3:49:4f:13

RSA key #

SHA256 hash: SHA256:y7+6bP/MzYyKao72kexbG+kpk0m/yxTL/q7udmZXb20
MD5 hash: MD5:ab:ee:95:dc:e4:8b:5f:3d:9d:ed:21:c7:1c:21:08:bb

Connection through proxy server #

Recent versions of OpenSSH provide command option -J for SSH proxy connections, e.g.:

ssh -J proxy-user@proxy-server.inm.ras.ru cluster-user@10.149.206.244

You can configure password-less login and proxy servers in your config file ~/.ssh/config.

Remote VPN access #

You can use OpenVPN for accessing cluster from the Internet. Please, ask cluster administrators for a personal OpenVPN profile. Please note, that multiple connections with the same profile are not supported.

Do not share your personal profile with others, even with colleagues. Ask for another profile in case you need more.

Quick instructions #

Please use an OpenVPN client. Windows users can use OpenVPN Connect clients.

Linux users with Network Manager service (e.g. Ubuntu users) can import OpenVPN profile in network configuration GUI, or using the command line interface:

# Import file cluster2-test.ovpn
nmcli connection import type openvpn file cluster2-test.ovpn

Please make sure that forwarding of all traffic through VPN connection is disabled. Network Manager enables it by default. You can use the following command to disable it:

# Replace cluster2-test with your connection name (ref. nmcli connection show)
nmcli connection modify cluster2-test ipv4.never-default yes

The following command activates the imported connection in Network Manager:

# Replace cluster2-test with your connection name (ref. nmcli connection show)
nmcli connection up cluster2-test

Expiration dates of profile certificates #

Each profile contains a certificate with limited validity dates. The expiration date is included in the OpenVPN profile under <cert> tag:

<cert>
        Issuer: CN = INM RAS HPC OpenVPN CA R1
        Validity
            Not Before: Jul 30 10:11:33 2021 GMT
            Not After : Aug 29 10:11:33 2021 GMT
        Subject: CN = test
-----BEGIN CERTIFICATE-----
## your personal certificate in Base64 encoding
-----END CERTIFICATE-----
</cert>

You can extract the validity dates from the certificate using openssl command, e.g.:

sed '1,/<cert>/d;/<\/cert>/,$d' config-test.ovpn | openssl x509 -dates -noout

(command sed extracts <cert> tag from file config-test.ovpn and pipes it to openssl)