Skip to content

Connecting to the clusters#

Connection to the clusters using SSH#

Before being able to connect to one of SCITAS' clusters, you will need:

To connect to one of the clusters, you will need to use the SSH protocol. If you don't need to use GUIs:

ssh <username>@<cluster>
If you wish to use GUIs, you need to add the -X option to enable X11 forwarding
ssh -X <username>@<cluster>
On the Izar cluster, you will be asked for a password every time you want to ssh a node from the frontend. To avoid this, please forward your agent :

ssh -A <username>@<cluster>

Here, <username> is your GASPAR username and <cluster> is one of the following: jed, izar, or helvetios. Please note that Helvetios is reserved for classes.

EPFL Network

Please note that from outside of the EPFL network, you will need to connect to the VPN.

SSH clients

SSH clients are available by default on Apple macOS and Linux.

For MS Windows, we recommend Git Bash, PuTTY, MobaXterm or Windows Subsystem for Linux.

Setting up a passwordless connection#

Every time you will connect to one of the machines using SSH, you will be prompted to enter your GASPAR password. You can also use a second method that will use a pair of cryptographic keys instead. This way, you will be able to connect without password from trusted clients only.

Overwriting your current SSH key

If you already had generated ssh keys, do not repeat this procedure at the cost of overwriting them. You can simply reuse the ones you have already generated.

If it is not already done, you will first need to generate a cryptographic key pair:

$ ssh-keygen -t ed25519 -C "${USER}@clusters" -f ${HOME}/.ssh/id_ed25519
Generating public/private ed25519 key pair.
Your identification has been saved in /home/user/.ssh/id_ed25519
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
SHA256:Scb2MvoeHNItjuzsYxeOfnPApWqhBDXKHjNkLG6FHso username@clusters
The key's randomart image is:
+--[ED25519 256]--+
| ..              |
|.o+.o  .         |
|==oo .  =        |
|.EB    = +.      |
|.. =  ..Soo      |
|  . ...*==       |
|   . .+=+o       |
|    .o*.=..      |
|     ===oo       |
Here, we use the EdDSA (elliptic-curve cryptography) key type. You will be asked:

  • A passphrase (password) to protect your key.

Once this is done, you will have a folder ~/.ssh which contains two files:

  • this is your public key. It is not a secret and you can share it with anyone.
  • id_ed25519: this is your secret key. Do not share it at any condition. It has to stay on your computer.

You can now export your public key to the clusters so that you can connect without password:

ssh-copy-id -i ${HOME}/.ssh/ <username>@<cluster>
Note that since the /home folder is shared between all the machines, you will need to do this once on any machine.

You can now test that everything went correctly by connecting to one of the clusters. You may be asked to enter your passphrase once, but after that all the connections will be done without password.

Security risk

Please, note that with this method, everyone connected to your session will be able to connect to any machine for which you have set up a passwordless connection. Obviously, this procedure should not be done on a public computer.


An SSH server is identified by a key used to derive the connection's security. A fingerprint of the key is kept on the SSH client at the first login and compared at every consequent login. If the key changes after some time, the SSH client refuses to connect and you see this error. It's required from you that you check that the server you're connecting to is legit and you're not being hacked. Usually, it means contacting the server administrator to ask for the new key fingerprint. You can then remove the old offending key from your ~/.ssh/know_hosts file and connect again. You'll be asked to accept the new key fingerprint.

Check the current fingerprint, against the list you can find below:

ssh-keygen -F -l

If the fingerprint doesn't match, remove the offending key (in this example for

ssh-keygen -R

Here's the list of fingerprints for our cluster frontends:





Upon connection on one of our clusters you will be greet by a Message Of The Day (MOTD):

The MOTD contains four main parts:

  • The header, which contains the cluster name, a link to its specification and sometimes other information. This part is different for each cluster.

  • The announcements, which contains multiple section. Each section can have multiple messages ordered by priority, high at the top. This part is different for each cluster.

  • The Sausage part, which displays your current consumption of all our clusters for the current month. This part is generic.

  • The infos part, which contains a list of links and contact to help you with SCITAS. This part is generic and displays also the name and the version of the software build by SCITAS to display this MOTD.

Last update: August 30, 2023