About SSH

SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections. SSH uses a client-server protocol.

SSH uses private/public key pairs to log into another host. Users no longer have to supply a password every time they log on to a remote host.

SSH is used when running any of the following:

  • Remote log on to a lightly loaded host (lslogin)

  • An interactive job (bsub -IS | -ISp | ISs)

  • An interactive X-window job with X11 forwarding (bsub -XF)

  • An interactive X-window job, without X11 forwarding (bsub -IX)

  • An externally submitted job (esub)

X-Window job options

Depending on your requirements for X-Window jobs, you can choose either bsub -XF (recommended) or bsub -IX. Both options encrypt the X-Server and X-Clients.

Mode

Benefits

Drawbacks

bsub -XF (X11 forwarding): Recommended

  • Any password required can be typed in when needed.

  • Does not require the X-Server host to have the SSH daemon installed.

  • The user must enable X11 forwarding in the client.

  • Submission and execution hosts must be UNIX.

bsub -IX (interactive X-window)

  • The execution host contacts the X-Server host directly (no user steps required).

  • Hosts can be any OS that OpenSSH supports.

  • Requires the SSH daemon installed on the X-Server host.

  • Must use private keys with no passwords set.

Scope

Table 1. SSH X11 forwarding (-XF)

Applicability

Details

Dependencies

  • OpenSSH 3.9p1 and up is supported.

    OpenSSL 0.9.7a and up is supported.

  • You must have SSH correctly installed on all hosts in the cluster.

  • You must use an SSH client to log on to the submission host from the display host.

  • You must install and run the X-Server program on the display host.

Operating system

  • Only UNIX for submission and execution hosts. The display host can be any operating system.

Limitations

  • You cannot run with bsub -K, -IX, or -r.

  • You cannot bmod a job submitted with X11 forwarding.

  • Cannot be used with job arrays, job chunks, or user account mapping.

  • Jobs submitted with X11 forwarding cannot be checked or modified by esubs.

  • Can only run on UNIX hosts (submission and execution hosts).
Table 2. Interactive X-window without X11 forwarding (-IX)

Applicability

Details

Dependencies

  • You must have OpenSSH correctly installed on all hosts in the cluster.

  • You must generate public/private key pairs and add the content of the public key to the authorized_keys file on remote hosts. For more information, refer to your SSH documentation.

  • For X-window jobs:

    • You must set the DISPLAY environment variable to X-serverHost:0.0, where X-serverHost is the name of the X-window server. Ensure that the X-server can access itself. Run, for example, xhost +localhost.

Operating system

  • Any OS that also supports OpenSSH.

Limitations

  • Cannot be used with job arrays or job chunks.

  • Private user keys must have no password set.

  • You cannot run with -K , -r, or -XF.
Parent topic: Submitting Jobs with SSH