SSH
The HPC system is primarily accessed through a Secure Shell (SSH) connection on the login nodes.
SSH client recommendations
Most operating systems come with OpenSSH pre-installed. For Windows users, we recommend using WSL with a Linux distribution from the Microsoft Store, instead of the native OpenSSH client.
To connect to LUCIA, you must first connect to an SSH gateway, then proceed to the login nodes.
SSH gateway
The SSH gateway differs for Academic and Non-Academic users.
Academic users should connect through their university's SSH gateway.
Refer to the Gateway section of the CÉCI documentation website for further instructions.
You can use the ssh_config wizard to help you configure your ~/.ssh/config file (don't forget to tick the "Tier1" checkbox).
Connecting to LUCIA's SSH Gateway
LUCIA's SSH gateway acts as a jump host to LUCIA’s login nodes, mainly for Cenaero and industry users.
To connect to the SSH gateway, use:
Password requirements are at least:
- 12 characters,
- one uppercase letter,
- one lowercase letter,
- one numeric digit,
- one special character.
NO COMPILATION and NO COMPUTATIONS are allowed on LUCIA's SSH gateway.
NO PERMANENT STORAGE is allowed on LUCIA's SSH gateway.
As a jump host, the gateway has limited disk space, with a 10GB soft limit and a 40GB hard limit, and a 7-day grace period. The space available shoud only be used for temporary file transfers. Also, note that your data is not backed up.
The SSH gateway has its own local authentication system and filesystem.
As a result, when you change your password or SSH key, you’ll need to update both the gateway and one of LUCIA’s login nodes.
SSH Key Authentication
For enhanced security, we recommend connecting using a personal SSH key pair with a passphrase.
If you don’t have an SSH key pair, generate one as follows, and be sure to set a passphrase during creation:
$ ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/XXXXX/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ed25519
Your public key has been saved in id_ed25519.pub
The key fingerprint is:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The key's randomart image is:
+--[ED25519 256]--+
| .+ |
| . +.. |
| . . . +.=o |
| . . *.oo.. |
| . +S.. |
| . . *o. |
| . * = o |
| .=.O * + E |
| ==B*@+=.o |
+----[SHA256]-----+
After generating an SSH key pair, you now have a private key and a public key. The public key needs to be copied to the server you wish to connect to, as it allows the server to recognize your identity when you use your private key. Remember, your private key should always remain confidential.
To copy your public key to the server, use:
You’ll be prompted for your account password (not the SSH passphrase), and then the public key will be copied.
To test the connection, try logging in with:
This time, use the passphrase for your private key when prompted.SSH config file example
# Lucia gateway ---------------------------------
Host gwlucia
Hostname gateway.lucia.cenaero.be
Port 22
User <your_username>
IdentityFile ~/.ssh/id_rsa
ForwardAgent yes
# Lucia frontal nodes ---------------------------
Host lucia
Hostname frontal.lucia.cenaero.be
Port 22
User <your_username>
IdentityFile ~/.ssh/id_rsa
ProxyJump gwlucia
Login Nodes
From the SSH gateway, you can connect to the login nodes with the following command:
From the login nodes, you can compile applications, submit batch jobs and connect to the ressources allocated to your jobs by the SLURM batch scheduler.
NO COMPUTATIONS are allowed on login nodes.
It is strongly recommended not to run resource-intensive applications on the login nodes, as this can degrade their performance and affect all connected users. Lightweight tasks and small compilations are allowed. For heavier workloads, start an interactive session with srun (see Job Scheduler) and run your applications on the allocated compute node(s).
Warning about a potential man-in-the-middle attack
When connecting to frontal.lucia.cenaero.be due to different ED25519 host keys on frontal01 and frontal02, you may encounter a warning about a potential man-in-the-middle attack. To resolve this, remove the host key for frontal.lucia.cenaero.be from your ~/.ssh/known_hosts file and use a wildcard hostname with the ECDSA host key:
LUCIA has two login nodes accessible via the shared hostname frontal.lucia.cenaero.be.
Connections are load-balanced via DNS round-robin, so you’ll connect to one of the nodes at random. You can also directly connect to a specific login node using frontal01.lucia.cenaero.be or frontal02.lucia.cenaero.be.