Skip to content

Remote access

To access the CIRRELT/GERAD computers, you need to connect either through the VPN or the ssh gateway.

RECOMMENDATION

We recommend you use the VPN instead of ssh. Contact us for the configuration files.

IMPORTANT

For security reasons, the ssh gateway doesn't allow password authentication. Only private/public keys can be used. The private key remains on your personnal computer and is protected by a strong passphrase while the public key can be added to your CIRRELT/GERAD account.

ssh programs

To connect with ssh from a Windows Machine, you can open a powershell or cmd terminal. You can also use one of these programs:

Open a terminal and you can use the ssh program.

To connect to the CIRRELT/GERAD network with ssh you first need to connect to the gateway

ssh.gerad.ca (for GERAD)
ssh.cirrelt.ca (for CIRRELT)

Then you need to do a second ssh to the machine you want to connect to.

ATTENTION

The server ssh.gerad.ca or ssh.cirrelt.ca is only an entry point. Do not start any compute jobs on this machine

ssh connection with X11

An X11 ssh connection allows some of the graphical applications started on a remote machine at CIRRELT/GERAD to be displayed on your personal computer at home.

For this to work, you need to have an X11 server installed on your computer.

The Mobaxterm program comes with an X11 server. If you want to use another ssh client, you'll need to find an appropriate X11 server for it.

GERAD:

ssh -X user@ssh.gerad.ca

CIRRELT:

ssh -X user@ssh.cirrelt.ca

The -X option allows the use of graphical applications on the server.

On Linux, there's usually an X11 server installed if you have a graphical environment.

GERAD:

ssh -X user@ssh.gerad.ca

CIRRELT:

ssh -X user@ssh.cirrelt.ca

The -X option allows the use of graphical applications on the server.

To use remote graphical applications, you need to install an X11 server like XQuartz (https://www.xquartz.org/).

GERAD:

ssh -Y usager@ssh.gerad.ca

CIRRELT:

ssh -Y usager@ssh.cirrelt.ca

The -X option allows the use of graphical applications on the server. On MacOS we use -Y instead of -X

ssh key generation

ATTENTION

Before may 2023, you can use the commands directly since passwords are still allowed. After, you'll need to activate the VPN for the key transfer. Once the transfer is complete, you don't need the VPN to connect to the gateway.

From a Linux or MacOS machine, from the terminal you can do these 2 steps:

  1. Creation of the ssh key on your personal machine. When asked for a passphrase, provide the password: ssh-keygen
  2. Copy the public key to your CIRRELT/GERAD account.

GERAD:

    ssh-copy-id user@ssh.gerad.ca

CIRRELT:

    ssh-copy-id user@ssh.cirrelt.ca

Creation of an ssh key on your personal computer.

  • Putty

    For putty, you need to use the puttygen program.

  • Windows Powershell

    1- Start your powershell terminal. When asked for a passphrase, enter the password you want to use:

        ssh-keygen.exe
    

    2- Copy the public key to your CIRRELT/GERAD account:

    GERAD:
    
        cat ~/.ssh/id_rsa.pub | ssh usager@ssh.gerad.ca "cat >> ~/.ssh/authorized_keys"
    
    CIRRELT:
    
        cat ~/.ssh/id_rsa.pub | ssh usager@ssh.cirrelt.ca "cat >> ~/.ssh/authorized_keys"
    

    3- It's possible that encouter an error message regarding MACs during ssh connexion in powershell or cmd terminal:

    In this case you need to add the option MACs in your host config (.ssh/config).

    Example:

    Host hostname.domainname
    HostName hostname.domainname
    User usager1
    MACs -umac-128-etm@openssh.com
    

    hostname.domainname: replace it by the name of your machine and domain

ATTENTION

To connect with your ssh key, you'll need to enter the password you used when creating the key, not the password of your account