Configuring SSH

OpenSSH, sftp, rsync, VSCode, …

The OpenSSH configuration file is a plain text file that defines Hosts with short, easy to type names and corresponding full DNS names (or IPs) and advanced configuration options, which private key to use, etc. This file being picked up and read by multiple SSH clients or other applications that use the SSH protocol to connect to the cluster. Most clients let you override the defaults in this file for any given login.

Config file location

It is usually located in your home directory or user profile directory under .ssh/config, i.e.

OpenSSH config location

~/.ssh/config
/home/$USERNAME/.ssh/config

~/.ssh/config
/User/$USERNAME/.ssh/config

%USERPROFILE%\.ssh\config
C:\Users\your_username\.ssh\config

OpenSSH config file format

After general options that apply to all SSH connections, you can define a line Host my_shorthand, followed by options that will apply to this host only, until another Host xyz line is encountered. See the OpenSSH documentation for a full list of available options.

Simple configuration examples

Here are different blocks of configuration options you can copy-paste into your config file. You can mix-and-match these, choose the ones you need. Just make sure to replace User xyz with your respective username and if necessary, the path/filename of your private key.

Emmy / Grete (NHR and SCC)

While “Emmy” was originally the name of our NHR/HLRN CPU cluster and “Grete” the name of the NHR/HLRN GPU cluster, they now refer to cluster islands which include NHR and SCC nodes (see CPU partitions and GPU partitions). For example, the scc-cpu partition is integrated with Emmy Phase 3 from a technical standpoint, thus Emmy-p3 is the recommended login for SCC users.

Host Emmy
	Hostname glogin.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519

Host Emmy-p2
	Hostname glogin-p2.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519

Host Emmy-p3
	Hostname glogin-p3.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519

Host Grete
	Hostname glogin-gpu.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519

KISSKI

Host KISSKI
	Hostname glogin-gpu.hpc.gwdg.de
	User u56789
	IdentityFile ~/.ssh/id_ed25519

Legacy SCC

The legacy SCC login nodes are not reachable from outside GÖNET. You can use the generic login nodes as jumphosts, to avoid the need for VPN if you want to connect from the outside.

Host jumphost
	Hostname glogin.hpc.gwdg.de
	User jdoe1
	IdentityFile ~/.ssh/id_ed25519

Host SCC-legacy
	Hostname login-mdc.hpc.gwdg.de
	User jdoe1
	IdentityFile ~/.ssh/id_ed25519
	ProxyJump jumphost

Tip

You can leave out the jumphost block and ProxyJump jumphost if you always connect from within GÖNET (basically the extended campus network in Göttingen) or use VPN.

Storage Transfer Nodes

These are nodes specialized for transferring data between HPC filesystems and non-HPC storage hosted by the GWDG (GWDG Unix HOME and Tape Archive). They also allow transfers and data migration between legacy or non-HPC AcademicCloud usernames and HPC project-specific usernames. As many of our HPC filesystems are mounted as possible, including island specific filesystems to facilitate cross-island transfers. However, they are not meant for any computational loads except compressing and uncompressing data and do not allow submitting compute jobs. No jumphost or VPN is required. Note that we did not specify a username in this example, so you will need to provide the username you want to use when you login (e.g. ssh jdoe1@gwdg-storge or ssh u56789@gwdg-storage), as one of the most common use cases will be transferring data between different usernames. For more information, see Using non-HPC Storage from GWDG.

Host gwdg-storage
	Hostname gwdg-storage.hpc.gwdg.de
	IdentityFile ~/.ssh/id_ed25519

Advanced configuration examples

Here are more advanced example configuration for all our clusters with convenient shortcuts for advanced users. Adapt to your needs. To understand this, remember ssh parses it’s config top-down and first-come-first-serve.

That means, if for a given Host the same option appears multiple times, the first one counts and subsequent values are ignored. But for options that were not defined earlier, values will apply from successive appearances. Note that if Hostname is not specified, the Host value (%h) is used.

All frontend nodes, individually specified

# NHR, SCC Project-Portal and KISSKI users
Host glogin*
	Hostname %h.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519

# The Storage nodes (don't forget to specify your username when running ssh)
Host gwdg-storage gwdu107 gwdu108
	Hostname %h.hpc.gwdg.de
	IdentityFile ~/.ssh/id_ed25519

# Use the main login nodes as jumphosts to restricted login nodes
Host jumphost
	Hostname glogin.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519

# legacy SCC login nodes
Host gwdu101 gwdu102 login-mdc*
	Hostname %h.hpc.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519
	ProxyJump jumphost

# CIDBN
Host login-dbn*
	Hostname %h.hpc.gwdg.de
	User u23456
	IdentityFile ~/.ssh/id_ed25519
	ProxyJump jumphost

# Cramer/Soeding
Host ngs01
	Hostname ngs01.hpc.gwdg.de
	User u34567
	IdentityFile ~/.ssh/id_ed25519
	ProxyJump jumphost

Complex example using config file tricks

Host myNHRproject1
	User u10123
Host myNHRproject2
	User u10456
Host NHR myNHRproject1 myNHRproject2
	Hostname glogin.hpc.gwdg.de
	IdentityFile ~/.ssh/id_ed25519
Host kisski
	Hostname glogin-gpu.hpc.gwdg.de
	User u10789
	IdentityFile ~/.ssh/id_ed25519
Host glogin* glogin-gpu glogin-p3
	Hostname %h.hpc.gwdg.de
	User nimjdoe
	IdentityFile ~/.ssh/id_ed25519

Host jumphost
	Hostname glogin.hpc.gwdg.de
Host SCC-legacy
	Hostname login-mdc.hpc.gwdg.de
Host SCC-legacy gwdu101 gwdu102 jumphost
	Hostname %h.gwdg.de
	User u12345
	IdentityFile ~/.ssh/id_ed25519
Host SCC-legacy gwdu101 gwdu102
	ProxyJump jumphost