search

ucsf-wynton / wynton-website-hpc

The Official Wynton HPC User Website
https://wynton.ucsf.edu/hpc/
2 stars 14 forks source link

Clarify local SSH configuration settings #153

Open ellestad opened 2 months ago

ellestad commented 2 months ago

https://wynton.ucsf.edu/hpc/howto/log-in-without-pwd.html#connect-directly-to-a-development-node

Suggests using the following ssh config connect directly to a dev host:

Host *dev?.wynton.ucsf.edu
  ProxyJump log1.wynton.ucsf.edu

In my experience, if you don't include the username in the ProxyJump line, it will use the username from the connecting environmant.

i.e.

Host *dev?.wynton.ucsf.edu
  User alice
  ProxyJump alice@log1.wynton.ucsf.edu
ellestad commented 2 months ago

Also, not sure if the wild card works with vscode, I've had a person tell me they are having problems with having that in their config.

Host dev3
    user alice
        Port 22
    ProxyJump alice@log2.wynton.ucsf.edu
Host dev2
    user alice
        Port 22
    ProxyJump alice@log2.wynton.ucsf.edu
Host dev1
    user alice
        Port 22
    ProxyJump alice@log2.wynton.ucsf.edu
HenrikBengtsson commented 2 months ago

Regarding the missing User entry in the ProxyJump example:

It's actually implied from:

First, make sure you have created the above Host: *.wynton.ucsf.edu directive in ~/.ssh/config on your local computer and verified that it works. Then, append another directive with:

that is just before

Host *dev?.wynton.ucsf.edu
  ProxyJump log1.wynton.ucsf.edu

and then it continues with:

"These two directives together will allow you to connect directly to a development host from your local machine ..."

Also, if User is not specified, then it should still work if one specifies ssh -l alice dev1.wynton.ucsf.edu. or ssh alice@dev1.wynton.ucsf.edu, just like for the login nodes.

OTH, the X11 example is self-contained, so I guess it's worth doing that for the ProxyJump example too. It's just that I wanted people to be able to do one of this at the time, in case they run into problem.

HenrikBengtsson commented 2 months ago

Also, not sure if the wild card works with vscode, I've had a person tell me they are having problems with having that in their config.

Got it - keeping that as an n=1 sample right now, but if more reports come in, it might be worth looking into that.

ellestad commented 1 month ago

From what I have observed, the User entry in the ssh config only applies to the target host, and the username for the ProxyJump host must be separately specified in the command, or in many modern implementations, the ssh username reverts to the client username from the connecting host. I think we already fixed this on other pages which present jump hosts.