Skip to main content
Asked a question recently

X11-Forwarding does not work with Slurm, what now?

Where am I?

In Bright Computing, Inc. you can ask and answer questions and share your experience with others!

Bright Cluster Manager generates the SSH keys for cluster users using ECDSA instead of RSA algorithm. However, this might cause X11-Forwarding through srun to fail to work in some versions of Slurm (due to a known bug reported here10).

This problem might be reproduced as follows:

  1. Enable X11-Forwarding in Slurm by adding the option PrologFlags=X11 to the Slurm configuration file (slurm.conf).
  2. Run an X application using srun. For example: srun --x11 xclock
  3. You will get an error message similar to:
    Error: Can't open display: localhost:1010.0
    srun: error: node001: task 0: Exited with exit code 1

This problem can be solved by generating RSA keys alongwith the ECDSA keys for all users. For bash/sh users, this can be accomplished by creating the file /etc/profile.d/rsa_ssh.sh as root, with the following contents:

if [ "$(id -u 2>/dev/null)" != "0" ]; then
  if [ ! -f ~/.ssh/id_rsa ]; then
    if [ -w ~ ]; then
      echo Creating RSA key for ssh
      ssh-keygen -t rsa -f ~/.ssh/id_rsa -q -N ""
      cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
    fi
  fi
fi

Make sure this file has the correct permissions: chmod 644 /etc/profile.d/rsa_ssh.sh

Similarly, for csh users, create the file /etc/profile.d/rsa_ssh.csh with these contents:

if ( "'id -u'" != "0" ) then
  if ( ! -e ~/.ssh/id_rsa ) then
    if ( -w ~/ ) then
      echo Creating RSA key for ssh
      ssh-keygen -t rsa -f ~/.ssh/id_rsa -q -N ""
      cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
    endif
  endif
endif

And apply the correct permissions: chmod 644 /etc/profile.d/rsa_ssh.csh