Remote Connection via SSH Gateway

Learn about connecting to systems hosted in NREL's high-performance computing (HPC) environment.

If you’re connecting remotely to Eagle from a non-NREL computer, follow these instructions for connecting via the SSH gateway.

Note: Eagle users are best served by their dedicated external access points. See Connecting to HPC Systems for more information. For security reasons, you cannot use SSH gateway connections for tunneling, X11 visualization, or file transfers.

Eagle users must use the Gateway currently, but it is not required for Kestrel users.

You'll need your HPC username, password, and a multifactor token to proceed. With that, you can SSH to the gateway server, and from there, jump to other HPC systems.

Gateway server: hpcsh.nrel.gov
Username: Your HPC username
Password: Your HPC password PLUS the 6-digit token

On Windows:Follow the PuTTY documentation to connect. Make sure to connect to host hpcsh.nrel.gov.

On Mac or Linux: Use the built-in Terminal app to execute the following command:

ssh <username>@hpcsh.nrel.gov

The first time you log in you will be prompted to verify the RSA, ECDSA, or ED25519 key fingerprint. Depending on which version of OpenSSH you're using, you will see a prompt to accept a host fingerprint similar to the images below. Verify the fingerprint matches one of the fingerprints listed on this page, and type yes at the prompt.

If the fingerprint does not match, please contact us before proceeding or allowing the connection.

For the RSA key fingerprint (md5 hash in hex format)

Screenshot of the fingerprint

or for the ECDSA key fingerprint (md5 hash in hex format)

Screenshot of the fingerprint

 As of February 2024, the following are the new SHA256 fingerprints (as shown in OpenSSH 6.8 and newer) for hpcsh.nrel.gov:

SHA256:ZFjSuC8Nx2NsW4dJ4SjhlFMC8xE/4lYDnvP6h0C1xGM hpcsh.nrel.gov (RSA)
SHA256:QQdXt/YK2UW0veHsor9vOfLBwB+8bE5SP8G6ng+/2ys hpcsh.nrel.gov (ECDSA)
SHA256:bQ8qR8vhRtK5DAO9WPBNfXVtBIUcy8aqdFa0a1DzhFs hpcsh.nrel.gov (ED25519)

 

If you used hpcsh.nrel.gov prior to February 2024, you may see an error message that includes "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @". If you see this error, you will need to delete the host fingerprint for the old hpcsh.nrel.gov stored on your computer.

To delete the old host fingerprint, you may either manually locate the line for hcpsh.nrel.gov in known_hosts and delete it (if your ~/.ssh/known_hosts file is plain-text/human readable) or you may run an ssh command to delete the entry automatically:

     ssh-keygen -R hpcsh.nrel.gov

Once the old key is deleted please ssh to the system again, and follow the fingerprint confirmation instructions above.

 

Example connection process to hpcsh:

Assume your username is eagleuser, your password is ^somEAw40meB4zz, and the token displays 392954.

Windows: Open PuTTY and connect to hpcsh.nrel.gov

Mac or Linux: Open Terminal and run ssh eagleuser@hpcsh.nrel.gov

At the password prompt, enter your password combined with the token display:
^somEAw40meB4zz392954

After a few seconds, you should be logged into the hpcsh gateway server. From there, you can ssh to Eagle or other HPC systems by executing the command:

ssh <hostname>.hpc.nrel.gov

For example, to connect to Eagle, use...

ssh eagle.hpc.nrel.gov

You will be prompted to log into the new system; use your username and password only (no token this time).

Having trouble? As always, contact us.


Share