SSOSSH

SSOSSH is a tool that brings single sign on to MLeRP. You can use it as an alternative to managing SSH keys when connecting via VS Code or your terminal.

The tool works by generating an SSH Certificate rather than the usual approach of adding a public key to the list of authorised keys. This is more secure since the certificate will only be valid for 24 hours, requiring you to go through your organisation’s single sign on again to renew the certificate.

This also means that you will no longer need to add your key manually since this will be handled automatically.

SSOSSH uses a configuration file in your user’s home directory named ~/.authservers.json. This file should be a list of configs for the clusters you wish to connect to.

For MLeRP QCIF:


[
    {
        "authorise": "https://sshauthz.cloud.cvl.org.au/pysshauthz/oauth2/oauth/authorize/choose",
        "base": "https://sshauthz.cloud.cvl.org.au/pysshauthz/oauth2/",
        "cafingerprint": "SHA256:ywDDZvIbx7B2AxujVIsW433fd4Sl1aZ0wl4FFsCRX/E",
        "client_id": "Q96kt2Vtw6S78dpORktM81DH",
        "desc": "<div>MLeRP</div>",
        "icon": null,
        "login": "mlerp-login0.mlerp.cloud.edu.au",
        "logout": "https://sshauthz.cloud.cvl.org.au/pysshauthz/oauth2/logout",
        "name": "MLeRP_QCIF",
        "proxy": "/nfs/opt/sv2/sshnc.sh",
        "scope": "user:email",
        "sign": "https://sshauthz.cloud.cvl.org.au/pysshauthz/sign/mlerp_users/api/v1/sign_key"
    }
]
For MLeRP Monash:


[
    {
        "authorise": "https://sshauthz.cloud.cvl.org.au/pysshauthz/oauth2/oauth/authorize/choose",
        "base": "https://sshauthz.cloud.cvl.org.au/pysshauthz/oauth2/",
        "cafingerprint": "SHA256:ywDDZvIbx7B2AxujVIsW433fd4Sl1aZ0wl4FFsCRX/E",
        "client_id": "Q96kt2Vtw6S78dpORktM81DH",
        "desc": "<div>MLeRP</div>",
        "icon": null,
        "login": "monash-mlerp-login0.mlerp.cloud.edu.au",
        "logout": "https://sshauthz.cloud.cvl.org.au/pysshauthz/oauth2/logout",
        "name": "MLeRP_Monash",
        "proxy": "/apps/strudel2/strudel_apps/sshnc.sh",
        "scope": "user:email",
        "sign": "https://sshauthz.cloud.cvl.org.au/pysshauthz/sign/mlerp_users/api/v1/sign_key"
    }
]

You can pip install SSOSSH with:

pip install git+https://github.com/HecticHPCSolutions/ssossh

or if you want to test an experimental feature:

pip install git+https://github.com/HecticHPCSolutions/ssossh@branch-name

After installation you should be able to run ssossh in your favourite terminal to run the program. By default it will create the SSH keys and certificates in your .ssh folder, but you can optionally change this path or have it add direct to your SSH Agent which you may find to be neater. We recommend using the --setssh flag the first time you use SSOSSH to set up some default SSH configurations to connect to the login node and start up a Jupyter session.

ssossh --setssh
ssh MLeRP_Monash_login

Now that the SSH configurations have been generated you will not need this flag. Each time you can simply rerun the ssossh program to refresh your certificates then use your SSH or VS Code remote session as per normal.

ssossh
ssh MLeRP_Monash_login

You can read more about SSOSSH at its GitHub Repo.