Logging In to the Controller
Clusters use one node, called a controller, to delegate tasks to compute nodes so they can carry out commands and complete jobs. You can complete many tasks on the PW platform after logging in to the controller, such as submitting jobs and transferring data.
There are multiple ways to log in to the controller.
From Within the Platform
After you’ve started a cluster, click on its IP address in the module My Computing Resources to copy it.
Expand the IDE by clicking the terminal icon. If a terminal doesn’t appear in the IDE automatically, you can open one by selecting Terminal > New Terminal. By default, the terminal will show
Enter the command
ssh username@IPaddress. The terminal will display your last login and location.
Each time you start a cluster, the controller will be assigned a random IP address from the cloud provider’s available addresses. If you stop the cluster, this IP address is released automatically and will most likely not be the same when you start the cluster again.
Although it’s unlikely that you’ll encounter the same cluster IP address, it may occur if you start and stop a cluster frequently. You may receive the following message:
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!.
To resolve the issue, enter the command
ssh-keygen -R controllerIPaddress. You should see the following message:
[demo@pw-user-demo ~]$ ~ ssh-keygen -R 18.104.22.168
# Host 22.214.171.124 found: line 137
Original contents retained as /Users/demo/.ssh/known_hosts.old
[demo@pw-user-demo ~]$ ~ ssh canary.parallel.works
The authenticity of host '126.96.36.199' can't be established.
ED25519 key fingerprint is SHA256:KzR9SCW5QKmICeH2e5z7ZHPgAdoUOUuBNpkqj8UqSog.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
yes. You'll see a message that the IP address has been added to the list of known hosts.
Warning: Permanently added '188.8.131.52' (ED25519) to the list of known hosts.
Last login: Wed Jan 11 16:40:36 2023 from 104-60-190-63.lightspeed.hstntx.sbcglobal.net
From Outside the Platform
Logging In With Configuration Settings
If you want to access a cluster from the terminal or command line on your computer, you can use an SSH key to log in to the controller (see What if I don't have an SSH key? below if you need help).
While your cluster is off, navigate to your cluster’s configuration settings by clicking its gear icon in the module My Computing Resources or by clicking its name in the Compute page.
Paste your public SSH key into the Access Public Key dialog box and select Save Resource.
Now you can start the cluster. Once the cluster is active, navigate to the terminal or command line on your device and enter the cluster’s IP address with
You’ll receive the message
Are you sure you want to continue connecting (yes/no/[fingerprint])?.
yes. The terminal or command line will display
Warning: Permanently added 'ResourceName.clusters.pw' (ECDSA) to the list of known hosts as well as your last login and location.
Now you can send commands to the controller from your remote device.
Logging In With Account Settings
You can also add an SSH key to your PW account, which will allow you to log in to any active cluster from any device with that SSH key on it. For more information, please see Managing SSH Keys.
Why don't I have to use an SSH key from within the platform?
Each user's workspace has an SSH key preprovisioned, so logging in to the controller through the IDE doesn't require SSH key management. The public key is automatically propagated to the controller while the private key stays inside your workspace.
Whenever you start a new cluster, a new key is generated and propagated to facilitate SSH to compute nodes. This process works because the home directory is shared across all nodes in the cluster; adding your public workspace key to the
authorized_keys file on the controller automatically allows you to SSH to the compute nodes too.
You can access your public workspace key at any time with the command
cat ~/.ssh/pw_id_rsa.pub in an IDE terminal.
Why do I see
__ failed login attempts the first time I log in to the controller?
These failed login attempts won't affect your cluster's performance: they're a result of how our platform communicates with cloud service providers to make resources available.
During the provisioning process, our platform repeatedly tries to SSH to the controller. While the controller comes online, the platform attempts to establish a tunnel connection from the user workspace to the controller. Because the user workspace key isn't available on the system until partway through the bootstrap process, the system registers some of these connection attempts as failures.
Below is a diagram of this process.
What if I don’t have an SSH key?
The steps below will guide you through finding and creating SSH keys on your device for both macOS and Windows.
Check for SSH Keys
Open Terminal (macOS) or Command Prompt (Windows). Enter
ls .ssh to check for SSH keys on your device. If you’ve never generated an SSH key, you’ll see the message
ls: .ssh: No such file or directory.
If you do have SSH keys on your device, they’ll be listed. If you want to use one of your existing keys, see Get Your Public Key below.
Create an SSH Key
ssh-keygen. You’ll see the following message:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/YourName/ .ssh/id_rsa):
Type the name of the new location, or press return/enter if you want to keep the default location. If this is the first time you’ve generated an SSH key and you use the default location, you'll see
Created directory ' /Users/YourName/ .ssh'..
You'll be prompted to enter a passphrase for your SSH key with the following message:
[Enter passphrase (empty for no passphrase):
[Enter same passphrase again:
Enter a passphrase, or press return/enter for both lines if you don’t want to use one. You'll see the following message, along with your key fingerprint and the key’s randomart image:
Your identification has been saved in /Users/YourName/ .ssh/id_rsa
Your public key has been saved in /Users/YourName/ .ssh/id_rsa.pub
ls .ssh again. Now you'll see your private and public SSH keys.
Get Your Public Key
cat .ssh/id_rsa.pub. You’ll see the full contents of your public SSH key.
Copy all of the text from the beginning of
ssh-rsa to the end of
local. This is what you’ll paste into the Access Public Key text box in your cluster’s configuration settings or the Key text box in Account > Authentication > Key.
For safety's sake, never store a private SSH key on a server. If someone gained access to your private key, they could use it to access any other device that key protects.
What if I use PuTTY?
Public SSH keys must be in OpenSSH format before you can use them on the PW platform. If you use PuTTY, your SSH keys are likely saved in a PPK format like this:
Before copying a PPK key, it must be converted to OpenSSH format. The easiest way to do this is with PuTTYgen, typically included with PuTTY installations. Below is a CLI example using PuTTYgen to convert a PPK key to OpenSSH format:
$ puttygen putty_key.ppk -L -o putty_key.pub
# Command explanation:
* 'putty_key.ppk' -> the source key file
* '-L' -> OpenSSH public key output type
* '-o putty_key.pub' -> The output file name
The result is a single line public key file in OpenSSH format:
$ cat putty_key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAo7FYgire/SVeCEmN3CLxKgQhG5kCqt+eL4VUX81/zO+lf1P8RjsjCNLrRd0o2zfquhaNFbYKA+DSo6Vpg18EYHiQA/HgEOgzUAF7Tq4OaZl3yVyJKjzxQDXHnRhnJmCJ438PJD69crQh4apGtuPQuJOOKJe1PCpcp7FyP2+y2Hb0wM23K60tWsML9wf2P6gsY/vYxV+wNlohJa9LuY2dtk39kCs/5tmIOfHitOE+3ZjxzYTV0xlLNF+Gjxm1GV38YIa9R9fzdMXqm2HiHFbT5YbB6MaB/brDhVtOdLha0y8OITQosmogA13mOcfYLlbgou65eHT+Nj9tALKEX3LgDw== rsa-key-20211005
Now you can copy and paste this key into the cluster’s configuration settings on the PW platform.