Instance Setup
SSH/SCP
26 min
about ssh ssh (secure shell) is a protocol for safely connecting to remote servers it encrypts your connection so you can log in securely run commands remotely transfer files without exposing your data vast ai instances are configured to accept keys only password authentication is disabled for improved security quck start generate and add your ssh key to your vast account 1 generate a ssh key pair in your terminal ssh keygen t ed25519 c "your email\@example com"ssh keygen t ed25519 c "your email\@example com" creates two files (by default in / ssh/) id ed25519 → your private key (keep safe, never share) id ed25519 pub → your public key (safe to share, add to servers) c "your email\@example com" is optional whatever you put there is stored as a comment in the public key file (e g , id ed25519 pub) it’s just for identification (helpful if you use multiple keys), not for security when you run ssh keygen t ed25519 in windows powershell , the keys are created in your windows user profile folder 2 copy your public key # print the public key cat / ssh/id ed25519 pub ssh ed25519 aaaac3nzac1lz9ddi1nte5aaaaihwgylmt8cxcili/i3dsrvx74hnchkm4jsnfu0wmcv0a# print the public key get content $env\ userprofile\\ ssh\id ed25519 pub ssh ed25519 aaaac3nzac1lz9ddi1nte5aaaaihwgylmt8cxcili/i3dsrvx74hnchkm4jsnfu0wm 3 add it in your vast account add & generate ssh key (using vast cli ) install vast cli pip install vastaipy m pip install vastai \# or python m pip install vastai generate an api key in your vast account open cli page create an api key api key creation generate a new ssh key pair (you will new your vast api key) cli vastai create ssh key api key your api key cli vastai set api key your api key vastai create ssh key saves keys as / ssh/id ed25519 (private) and / ssh/id ed25519 pub (public) backs up existing keys as backup \<timestamp> keys are stored in your vast account and used for new instances adding a key to your account keys only applies to new instances existing instances will not get the new key automatically to add a key, use the instance specific ssh interface for vm instances , changing keys requires recreating the vm connecting to your instance start a new instance and click the ssh icon to see your connection information connection details now you can enter the connection command string into your terminal ssh p 20544 root\@142 214 185 187 l 8080\ localhost 8080 the authenticity of host '\[142 214 185 187] 20544 (\[142 214 185 187] 20544)' can't be established ed25519 key fingerprint is sha256\ wtuphznpn0zikmp+l5etzpich6eez2pa/7+dsxdrjt0 this key is not known by any other names are you sure you want to continue connecting (yes/no/\[fingerprint])? yes you should now see a screen similar to this you will, by default, be placed into a tmux session instance ssh session tmux we connect you to a tmux session by default for reliability and to prevent unintentional termination of foreground processes you can create a new bash terminal window with ctrl+b + c cycle through your windows with ctrl+b + n there is an excellent guide for getting to grips with tmux at https //tmuxcheatsheet com https //tmuxcheatsheet com/ if, however, you would prefer to disable tmux, you can apply the following either in a terminal or from your template's on start section touch / no auto tmux ssh local port forwarding an often overlooked feature of ssh is its ability to forward local ports to another machine when you access a server remotely over ssh, you can make ports from the remote machine available as if they were listening on your own device this is a secure alternative to opening ports on the public interface as all data is transported over the ssh connection ssh p 1234 root\@180 123 123 123 l 8080\ localhost 8080 l 5000\ localhost 5000 this ssh command connects to the remote instance and sets up local port forwarding (ssh tunneling) connection details connects to ip 180 123 123 123 as user root uses port 1234 instead of the default ssh port 22 port forwarding (the key part) l 8080\ localhost 8080 creates a tunnel so when you access localhost 8080 on your local machine, it forwards to port 8080 on the remote server l 5000\ localhost 5000 same thing for port 5000 you can repeat the l arguments to forward as many ports as you need what this means after connecting, you can open your web browser and go to https //localhost 8080 or http //localhost 5000 on your local computer, and you'll actually be accessing services running on those ports on the remote server it's like creating secure "tunnels" through the ssh connection to reach applications on the remote machine that might not be directly accessible from the internet ssh alternative jupyter terminal as a simple alternative to ssh, you might like to consider jupyter terminal instead all instances started in jupyter launch mode will have this enabled it is a very straightforward web based terminal with session persistence it's great for a quick cli session access the terminal from the ssh connections interface troubleshooting you can often determine the exact cause of a connection failure by using the vv arguments with ssh to get more information common reasons include using the wrong private key incorrect permissions for your private key public key not added to instance or account connecting to the wrong port scp & sftp file transfer both scp (secure copy protocol) and sftp (ssh file transfer protocol) are tools for securely transferring files that piggyback on the ssh protocol they use the same authentication and encryption as ssh scp (secure copy protocol) what it is simple, command line tool for copying files between local and remote machines best for quick, one time file transfers syntax scp p \<port> source destination examples \# copy file to instance scp p \<ssh port> my file txt root@\<instance ip> /workspace/ \# copy file from remote server scp p \<ssh port> root@\<instance ip> /workspace/my file txt / \# copy entire directory scp p \<ssh port> r myfolder/ root@\<instance ip> /workspace/ sftp (ssh file transfer protocol) what it is interactive file transfer program with a full command set best for managing files, browsing directories, multiple operations usage cli or gui tools available example \# establish connection sftp p \<ssh port> root@\<instance ip> welcome to vast ai if authentication fails, try again after a few seconds, and double check your ssh key have fun! connected to 79 116 73 220 sftp> ls hasbooted onstart sh note that both scp and sftp take the p argument in uppercase this differs from the ssh command which uses lowercase vs code integration once you have your ssh keys set up, connecting to vs code is quite straightforward we will cover the basics here install the remote ssh extension you will need to add the remote extension named 'remote ssh' open remote window click the open remote window button enter your ssh address details in the box that appears at the top of your window now simply allow a moment for vs code to configure the instance and you will be able to work with the instance as if it was a local machine for more information, see the vs code documentation gui setup guide (windows) several gui tools are available to help with ssh connectivity while it is often most straightforward to use the terminal we will cover some of the popular options here for each application we will assume the following ip address 142 114 29 158 port 46230 username root example ssh details putty putty consists of two important components putty for making connections and puttygen for creating ssh keys first, we will generate a public and private key pair putty uses its own ppk private key type open puttygen and click the 'generate' button you will be asked to move your mouse around until the green bar is full key generation interface once the key generation has completed, save both your public and private key somewhere safe such as in your documents folder optionally you can enter a passphrase for your private key for added security next, copy the full public key to the clipboard and add it to your account at https //cloud vast ai/manage keys/ https //cloud vast ai/manage keys/ save keys interface now that we have a suitable key to use, close puttygen and open the main putty application in the 'session' tab, enter the ip address and the port putty session tab next, move to the 'connection > data` tab and set the auto login username to 'root' connection data tab now navigate to 'connection > ssh > auth > credentials' and browse for the private key ( ppk) that you saved earlier ssh credentials tab finally navigate back to the 'sessions' tab to save the connection details here i have saved the session with the instance id so that i can access it again later save connection finally, click the 'open' button to be connected to your instance putty has many additional features to explore find the full documentation here mobaxterm first, we need to create a public and private key pair mobaxterm uses putty style ppk keys open the application and navigate to tools > mobakeygen (ssh key generator) glick the 'generate' button you will be asked to move your mouse around until the green bar is full key generation interface once the key generation has completed, save both your public and private key somewhere safe such as in your documents folder optionally you can enter a passphrase for your private key for added security next, copy the full public key to the clipboard and add it to your account at https //cloud vast ai/manage keys/ https //cloud vast ai/manage keys/ save keys interface now you can close the key generation interface we will create a new session navigate to sessions > new session > ssh sesison interface important details to complete remote host specify username (root) port use private key click 'ok' and you will be connected to the instance ssh terminal you can find the documentation for mobaxterm here other gui clients many gui clients are available for windows and other operating systems, and although it is not possible to cover all of these here, the key things to remember when setting up are create a public and private key pair add the public key to your vast account and any running instances keep the private key safe ensure you are connecting to the correct ip address and port as user root