Remote access #
Remote access for users outside INM RAS local network is allowed through SSH public key authentication.
Remote SSH access #
Please, use IP address
10.149.206.244 for SSH connections from VPN and local network at INM RAS.
Server key hashes #
At first login you will be prompted to verify server key hash. Please, verify it.
ED25519 key #
ECDSA key #
RSA key #
Connection through proxy server #
Recent versions of OpenSSH provide command option
-J for SSH proxy connections, e.g.:
ssh -J email@example.com firstname.lastname@example.org
Remote VPN access #
You can use OpenVPN for accessing cluster from the Internet. Please, ask cluster administrators for a personal OpenVPN profile. Please note, that multiple connections with the same profile are not supported.
Do not share your personal profile with others, even with colleagues. Ask for another profile in case you need more.
Quick instructions #
Please use an OpenVPN client. Windows users can use OpenVPN Connect clients.
Linux users with Network Manager service (e.g. Ubuntu users) can import OpenVPN profile in network configuration GUI, or using the command line interface:
# Import file cluster2-test.ovpn nmcli connection import type openvpn file cluster2-test.ovpn
Please make sure that forwarding of all traffic through VPN connection is disabled. Network Manager enables it by default. You can use the following command to disable it:
# Replace cluster2-test with your connection name (ref. nmcli connection show) nmcli connection modify cluster2-test ipv4.never-default yes
The following command activates the imported connection in Network Manager:
# Replace cluster2-test with your connection name (ref. nmcli connection show) nmcli connection up cluster2-test
Expiration dates of profile certificates #
Each profile contains a certificate with limited validity dates. The expiration date is included in the OpenVPN profile under
<cert> Issuer: CN = INM RAS HPC OpenVPN CA R1 Validity Not Before: Jul 30 10:11:33 2021 GMT Not After : Aug 29 10:11:33 2021 GMT Subject: CN = test -----BEGIN CERTIFICATE----- ## your personal certificate in Base64 encoding -----END CERTIFICATE----- </cert>
You can extract the validity dates from the certificate using
openssl command, e.g.:
sed '1,/<cert>/d;/<\/cert>/,$d' config-test.ovpn | openssl x509 -dates -noout
<cert> tag from file
config-test.ovpn and pipes it to