===== Access to VSC =====

Since November 2013, access to VSC has been restricted to IP addresses associated with participating partner universities of the VSC project. Users wishing to connect from outside these IP ranges must first log in to a machine or service within their university network.

Common methods for connecting include using a Virtual Private Network (VPN) or an SSH gateway provided by the university.

For further guidance, refer to [[doku:login_data_transfer|Login and Data Transfer]] and [[doku:win2vsc|Connecting from Windows]].

=== VPN Services ===
  * University of Vienna: [[http://zid.univie.ac.at/en/vpn|English]] | [[http://zid.univie.ac.at/vpn/|German]]
  * TU Vienna: [[https://www.it.tuwien.ac.at/en/services/network-and-servers/tuvpn|English]] | [[https://www.it.tuwien.ac.at/services/netzwerk-und-server/tuvpn|German]]
  * University of Innsbruck: [[http://www.uibk.ac.at/zid/netz-komm/vpn/|German]]
  * University of Graz: [[https://it.uni-graz.at/de/services/zugang-zum-uninetz/vpn/|German]]
  * TU Graz: [[http://portal.tugraz.at/portal/page/portal/zid/netzwerk/zugang/vpn|Web Single Sign-On]]

=== SSH Gateway ===

Users may initially connect to any Linux machine within their university network and then access VSC. Some universities offer a dedicated SSH gateway. (If you are unsure how to connect, please contact your local IT services.)

====== Using SSH Keys and SSH Agent to Connect to VSC ======

==== Verify Permissions of Your Local `.ssh` Directory ====
<code>
user@host:~$ ls -dl ~/.ssh
drwx------ 4 user user 4096 Dec  6 09:20 /home/user/.ssh</code>
Ensure this directory is accessible only to your user. If permissions differ from the example above, adjust them with:<code>
user@host:~$ chmod 700 ~/.ssh
</code>

==== Generate SSH Key ====
Your SSH passphrase should be as robust as your password. Generate your key with:<code>
user@host:~$ ssh-keygen -t rsa
</code>
By default, the private and public keys are stored in your `$HOME/.ssh` directory. The `id_rsa` file is the private key and should be kept secure and confidential. The `id_rsa.pub` file is the public key used for authentication on remote machines. Verify the permissions of these files to ensure they are correct. They should appear as follows:<code>
user@host:~$ ls -la ~/.ssh/id_*
-rw------- 1 user user 1766 Dec  6 09:15 /home/user/.ssh/id_rsa
-rw-r--r-- 1 user user  394 Dec  6 09:15 /home/user/.ssh/id_rsa.pub
</code>
For more details, see [[doku:sshkeygen|sshkeygen]].

==== Prepare Remote Machine ====
To log in with your key on a remote machine, you must add the contents of your `id_rsa.pub` file to the `authorized_keys` file in the `.ssh` directory of the remote machine. Log in to the remote machine and use a text editor to append your public key. Verify the permissions of the `authorized_keys` file:<code>
user@remote_host:~$ ls -l .ssh/authorized_keys
-rw------- 1 user user 1194 Dec  6 09:39 .ssh/authorized_keys
</code>
Alternatively, you can use the ''`ssh-copy-id`'' command to transfer your key:<code>
user@remote_host:~$ ssh-copy-id <username>@vscX.vsc.ac.at  # X denotes the cluster number
</code>

For example:<code>
user@remote_host:~$ ssh-copy-id <username>@vsc5.vsc.ac.at   # The 5 indicates VSC-5
</code>


==== Logging In with SSH Keys ====
To use SSH keys:
  * They may be added to an `ssh-agent`, which many window managers run by default. The `ssh-agent` prompts for your passphrase once and caches it for subsequent connections.
  * Alternatively, specify the SSH key using the `-i` parameter or configure it in ''`~/.ssh/config`''.

==== Connect to Cluster via SSH Key ====
<code>
ssh -p 27 <username>@vscX.vsc.ac.at   # Replace vscX with the cluster name
</code>
For example:<code>
ssh -p 27 <username>@vsc5.vsc.ac.at   # The 5 indicates VSC-5
</code>

=== Using a Jump Host ===
You can use SSH keys even when connecting through one or more intermediate hosts. Use the `-J` option to specify the jump host. Ensure the public key is added to the ''`authorized_keys`'' file on all intermediate hosts.

==== Configuration in `.ssh/config` ====

You may specify parameters for each host in ''`~/.ssh/config`'' on your local machine(also visible with ''`man ssh_config`''). Example configuration:
<code>
Host vsc5.vsc.ac.at vsc5
  Port 27
  User vsc_username
#  ForwardAgent yes
  IdentityFile id_rsa
  IdentitiesOnly yes
#  ForwardX11 yes
</code>

=== Configuration for Using a Jump Host ===
To configure automatic use of a jump host:
<code>
Host vsc5.vsc.ac.at vsc5
  User vsc_username
  ProxyJump login.univie.ac.at

Host login.univie.ac.at
  User uni_username
</code>

===== Security Considerations =====
  * While it is technically possible to create an SSH key without a passphrase, doing so would compromise security, as anyone with the key could establish a connection.
  * Forwarding SSH keys, such as by aliasing the `ssh` command, is discouraged, especially when connecting to less secure servers. An attacker with administrator access could exploit forwarded keys.
  * One of the most significant security risks is creating a passphrase-less SSH key and copying the public key directly into the `authorized_keys` file on the same server. This practice, though convenient, allows anyone with access to the account to connect from any location indefinitely. If necessary, combine this method with host access restrictions, e.g., in ''`~/.ssh/authorized_keys`'': ''`from="*.trusted.host.example.com"`'' (refer to [[https://www.linux.org/docs/man8/sshd.html|man sshd]] for more information).