Oracle Cloud Infrastructure Documentation

Connecting to a Cluster Node Using SSH

To connect to a Big Data Service cluster node through a command shell, use Secure Shell (SSH).

An SSH key pair is created when a cluster is created, and the public key is installed on all nodes of the cluster. See Creating a Cluster. For information about creating other key pairs, see Managing Key Pairs on Linux Instances.

Prerequisites
To use SSH to connect to a cluster, you must:
  • Have access to the private SSH key that's associated with a public key assigned to the cluster.

    Note also that permissions on the private key file must allow you read/write/execute access, but prevent other users from accessing the file. For example, to set appropriate permissions, you might enter chmod 600 ~/.ssh/my_keys/my_host_key_filename. The SSH utility ignores the private key file if permissions aren't set correctly and the private key file is accessible to other users.

  • Know the public IP address of the node you want to connect to. You can find the IP address by looking at the Node Details page in the Oracle Cloud Console. See Getting a Cluster Node's Details.
  • Ensure port 22 is open. See Defining Security Rules.
Connecting to the Cluster by Using SSH at the Command Line:

To connect to a node in a public subnet:

  1. Use the following command to set the file permissions so that only you can read the file: 
    $ chmod 400 <private_key>

    <private_key> is the full path and name of the file that contains the private key associated with the cluster you want to access.

  2. Use the following SSH command to access the cluster.
    $ ssh –i <private_key> <username>@<public-ip-address>

    <private_key> is the full path and name of the file that contains the private key associated with the instance you want to access.

    <username> is the default name for the cluster. The default username is opc.

    <public-ip-address> is the public IP address of the cluster node you want to access.

Note

If the SSH private key isn't stored in the file or in the path that the ssh utility expects (for example, the SSH utility might expect the private key to be stored in ~/.ssh/id_rsa), you must explicitly specify the private key filename and location in one of two ways:

  • Use the -i option to specify the filename and location of the private key. For example, ssh -i ~/.ssh/my_keys/my_host_key_filename opc@192.0.2.254
  • Add the private key filename and location to an SSH configuration file, either the client configuration file (~/.ssh/config) if it exists, or the system-wide client configuration file (/etc/ssh/ssh_config). For example, you might add the following:Host 192.0.2.254 IdentityFile ~/.ssh/my_keys/my_host_key_filename

For more about the SSH utility's configuration file, enter man ssh_config

Connect to Nodes in Private Subnets by Using SSH

Worker nodes in private subnets have private IP addresses only (they don't have public IP addresses). They can only be accessed by other resources inside the VCN. We recommend using bastion hosts to control external access (such as SSH) to worker nodes in private subnets. A bastion host is in a public subnet, has a public IP address, and is accessible from the internet. For more information about bastion hosts, see the technical paper Bastion Hosts: Protected Access for Virtual Cloud Networks and Bastion documentation.

Connect By Using PuTTY on Microsoft Windows
  1. Open putty.exe.
  2. In the Category pane, expand Window, and then select Translation.
  3. In the Remote character set drop-down list, select UTF-8. The default locale setting on Linux-based instances is UTF-8, and this configures PuTTY to use the same locale.

  4. In the Category pane, select Session and enter the following:

    • Host Name (or IP address): 

      <username>@<public-ip-address>

      <username> is the default name for the instance. The default username is opc.

      <public-ip-address> is your instance public IP address that you retrieved from the Console

    • Port: 22

    • Connection type: SSH

  5. In the Category pane, expand Connection, expand SSH, and then click Auth.
  6. Click Browse, and then select your private key.
  7. Click Open to start the session.

    If this is your first time connecting to the instance, you might see a message that the server's host key is not cached in the registry. Click Yes to continue the connection.

Running Administrative Tasks on the Instance

When you're logged in as the default user, opc, you can use the sudo command to run administrative tasks, such as creating users and groups to be used to access the cluster.