A-1. You must create your daily SSH key to connect to CSCS systems and add them to your SSH agent.
me@laptop:~$ git clone https://github.com/eth-cscs/sshservice-cli.git ... me@laptop:~$ cd sshservice-cli me@laptop:~/sshservice-cli$ bash cscs-keygen.sh Username : myuser Password: Enter OTP (6-digit code): ... me@laptop:~/sshservice-cli$ ssh-add -t 1d ~/.ssh/cscs-key Enter passphrase for /home/me/.ssh/cscs-key: Identity added: /home/me/.ssh/cscs-key (www-data@2469cb91e9d0) Lifetime set to 86400 seconds Certificate added: /home/me/.ssh/cscs-key-cert.pub (myuser) Lifetime set to 86400 seconds me@laptop:~/sshservice-cli$ ssh-add -L ssh-ed25519 ... www-data@... ssh-ed25519-cert-v01@openssh.com ... www-data@... |
A-2. You must generate also your public key from the private one.
me@laptop:~$ ssh-keygen -y -f ~/.ssh/cscs-key > ~/.ssh/cscs-key.pub Enter passphrase: me@laptop:~/sshservice-cli$ ls -a ~/.ssh . .. cscs-key cscs-key-cert.pub cscs-key.pub |
A-3. You must copy your public key on the remote system to be consumed by the container configuration
me@laptop:~$ scp -J myuser@ela.cscs.ch ~/.ssh/cscs-key.pub myuser@clariden.cscs.ch:~/.ssh/ |
B-1. Create the data structure for VSCode in advance on the remote system in order to prevent downloading VSCode binaries multiple times.
[clariden][myuser@clariden-ln001 ~]$ mkdir -p ~/.vscode-server [clariden][myuser@clariden-ln001 ~]$ touch ~/.wget-hsts |
B-2. Configure an EDF file for your container environment
[clariden][myuser@clariden-ln001 ~]$ enroot import Usage: enroot import [options] [--] URI Import a container image from a specific location. Schemes: docker://[USER@][REGISTRY#]IMAGE[:TAG] Import a Docker image from a registry dockerd://IMAGE[:TAG] Import a Docker image from the Docker daemon podman://IMAGE[:TAG] Import a Docker image from a local podman repository ... |
i.e.
[clariden][myuser@clariden-ln001 ~]$ cat ~/.edf/vscode-pytorch.toml image = "nvcr.io#nvidia/pytorch:24.01-py3" writable = true mounts = ["/iopsstor/scratch/cscs/myuser:/iopsstor/scratch/cscs/myuser", "/users/myuser/.vscode-server:/users/myuser/.vscode-server", "/users/myuser/.wget-hsts:/users/myuser/.wget-hsts", "/users/myuser/.bash_history:/users/myuser/.bash_history"] workdir = "/iopsstor/scratch/cscs/myuser" [annotations.com.hooks.ssh] enabled = "true" authorize_ssh_key = "/users/myuser/.ssh/cscs-key.pub" |
B-3. Start a Container Engine (CE) job for your container instance on the remote system
B-4. (Temporary workaround) Update permissions of authorized_keys file
myuser@nid00XXXX:/iopsstor/scratch/cscs/myuser$ chmod g-w ~/.ssh/authorized_keys |
C-1. Configure your local SSH client to access the remote container instance
me@laptop:~$ cat ~/.ssh/config ... Host clariden.cscs.ch AddKeysToAgent yes ForwardAgent yes User myuser ProxyJump myuser@ela.cscs.ch Host nid00XXXX.clariden.cscs.ch Hostname nid00XXXX AddKeysToAgent yes ForwardAgent yes User myuser ProxyJump myuser@ela.cscs.ch,myuser@clariden.cscs.ch Host container.nid00XXXX.clariden.cscs.ch Hostname nid00XXXX AddKeysToAgent yes ForwardAgent yes ControlMaster no StrictHostKeyChecking no UserKnownHostsFile /dev/null User myuser Port 15263 IdentityFile /home/me/.ssh/cscs-key ProxyJump myuser@ela.cscs.ch,myuser@clariden.cscs.ch ... |
C-2. Check that you can SSH into the container
me@laptop:~/.ssh$ ssh container.nid00XXXX.clariden.cscs.ch Warning: Permanently added '[nid00XXXX]:15263' (ECDSA) to the list of known hosts. myuser@nid00XXXX:~$ python --version Python 3.10.12 |
Remote.SSH: Remote Server Listen On Socket" as recommended at VScode gets killed page.In principle this workflow should work with pytorch container from nvidia, other container images must anyway provide some basic requirements in order to work via Visual Studio Code remote development.
See Requirements at https://code.visualstudio.com/docs/remote/linux