Bright Cluster Manager generates the SSH keys for cluster users using ECDSA instead of RSA algorithm. However, this might cause X11-Forwarding through srun to fail to work in some versions of Slurm (due to a known bug reported here). Please note that this only affects SLURM versions 17.11 and 18.08, newer version of SLURM can use the existing ECDSA key already generated.
This problem might be reproduced as follows:
- Enable X11-Forwarding in Slurm by adding the option PrologFlags=X11 to the Slurm configuration file (slurm.conf). For Bright Cluster Manager 9.2 this is updated via the following command.
cmsh -c 'wlm use slurm; append prologflags x11; commit' - Reload the slurm configuration and confirm the PrologFlag is active
scontrol reconfigre; scontrol show config | grep PrologFlags - Run an X application using srun. For example:
srun --x11 xclock - If the cluster is running SLURM 17.11 or 18.08 and you are seeing the following error:
Error: Can't open display: localhost:10.0
srun: error: node001: task 0: Exited with exit code 1
This problem can be solved by generating RSA keys along with the ECDSA keys for all users. For bash/sh users, this can be accomplished by creating the file /etc/profile.d/rsa_ssh.sh as root, with the following contents:
if [ "$(id -u 2>/dev/null)" != "0" ]; thenif [ ! -f ~/.ssh/id_rsa ]; thenif [ -w ~ ]; thenecho Creating RSA key for sshssh-keygen -t rsa -f ~/.ssh/id_rsa -q -N ""cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keyschmod 600 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pubfififi
Similarly, for csh users, create the file /etc/profile.d/rsa_ssh.csh with these contents:
if ( "'id -u'" != "0" ) thenif ( ! -e ~/.ssh/id_rsa ) thenif ( -w ~/ ) thenecho Creating RSA key for sshssh-keygen -t rsa -f ~/.ssh/id_rsa -q -N ""cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keyschmod 600 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pubendifendifendif
And apply the correct permissions: chmod 644 /etc/profile.d/rsa_ssh.?sh