Skip to content

SSH

The HPC system is primarily accessed through a Secure Shell (SSH) connection on the login nodes. Most operating systems come with OpenSSH pre-installed. For Windows users, we recommend using WSL with a Linux distribution from the Microsoft Store, instead of the native OpenSSH client.

Connecting to LUCIA

To connect to LUCIA, you must first connect to its SSH gateway, then proceed to the login nodes.

From the login nodes, you can compile applications, submit batch jobs and connect to the ressources allocated to your jobs by the SLURM batch scheduler.

SSH Gateway

NO compilation, NO computations and NO permanent storage is allowed on SSH gateway. The space available shoud only be used for temporary file transfers. Data is not backed up.

Note for Academic Users

Academic users should connect through their university's SSH gateway rather than LUCIA's SSH gateway. Refer to the Gateway section of the CÉCI documentation website for further instructions.

The SSH gateway acts as a jump host to LUCIA’s login nodes, mainly for Cenaero and industry users. It has its own local authentication system and filesystem. As a result, when you change your password or SSH key, you’ll need to update both the gateway and one of LUCIA’s login nodes.

As a jump host, the gateway has limited disk space, with a 10GB soft limit and a 40GB hard limit, and a 7-day grace period.

To connect to the SSH gateway, use: 

ssh <your_username>@gateway.lucia.cenaero.be
On your first connection, you will be prompted to change your password. Password requirements are: at least 12 characters, including at least one uppercase letter, one lowercase letter, one numeric digit, and one special character.

Login Nodes

NO computations and NO permanent storage is allowed on login nodes. Data is not backed up.

It is strongly advised not to run resource-intensive applications directly on the login nodes, except for compiling and light testing of applications. If necessary, it’s preferable to launch an interactive job using the "srun" command, then connect to the assigned node(s) to run these applications interactively.

From the gateway.lucia.cenaero.be gateway (or other authorized hosts, such as the CÉCI gateways), you can connect to the login nodes as follows: 

ssh <your_username>@frontal.lucia.cenaero.be

LUCIA has two login nodes accessible via the shared hostname frontal.lucia.cenaero.be. Connections are load-balanced via DNS round-robin, so you’ll connect to one of the nodes at random. You can also directly connect to a specific login node using frontal01.lucia.cenaero.be or frontal02.lucia.cenaero.be.

Man-in-the-Middle Attack Warning

You may encounter a warning about a potential man-in-the-middle attack when connecting to frontal.lucia.cenaero.be due to different ED25519 host keys on frontal01 and frontal02. To resolve this, remove the host key for frontal.lucia.cenaero.be from your ~/.ssh/known_hosts file and use a wildcard hostname with the ECDSA host key: 

ssh-keygen -f ~/.ssh/known_hosts -R frontal.lucia.cenaero.be
echo "frontal*.lucia.cenaero.be,10.90.0.* ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMsp0o1PqzLFoPBjiURqe0XgzKuO/MvxtN1FawChfo4IICOpX/LNy7s7MIScnr6mVyGZzsQK4v8ehIK2YtcWVWE=" >> ~/.ssh/known_hosts

Compute Nodes

SSH Key Authentication

Note for Academic Users

This section does not apply to you.

For enhanced security, we recommend connecting using a personal SSH key pair with a passphrase.

If you don’t have an SSH key pair, generate one as follows, and be sure to set a passphrase during creation: 

$ ssh-keygen 
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/XXXXX/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in id_ed25519
Your public key has been saved in id_ed25519.pub
The key fingerprint is:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The key's randomart image is:
+--[ED25519 256]--+
|          .+     |
|  .       +..    |
| . . . +.=o      |
|  . . *.oo..     |
| .     +S..      |
|  .   . *o.      |
|   .   * = o     |
|   .=.O * + E    |
|   ==B*@+=.o     |
+----[SHA256]-----+

After generating an SSH key pair, you now have a private key and a public key. The public key needs to be copied to the server you wish to connect to, as it allows the server to recognize your identity when you use your private key. Remember, your private key should always remain confidential.

To copy your public key to the server, use: 

ssh-copy-id <name_of_the_server>

You’ll be prompted for your account password (not the SSH passphrase), and then the public key will be copied.

To test the connection, try logging in with: 

ssh-copy-id <name_of_the_server>
This time, use the passphrase for your private key when prompted.

SSH config file example

Note for Academic users

The present section is not applicable to you, please use the ssh_config wizard to help you configure your ~/.ssh/config file, and tick the "Tier1" checkbox.

# Lucia gateway ---------------------------------
Host gwlucia
    Hostname gateway.lucia.cenaero.be
    Port 22
    User <your_username>
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes
# Lucia frontal nodes ---------------------------
Host lucia
    Hostname frontal.lucia.cenaero.be
    Port 22
    User <your_username>
    IdentityFile ~/.ssh/id_rsa
    ProxyJump gwlucia