}}

These instructions explain how to set up an SSH connection to your DC/OS cluster from an outside network. If you are on the same network as your cluster or connected by using VPN, you can instead use the dcos node ssh command. For more information, see the dcos node section of the CLI reference.

Requirements:

  • An unencrypted SSH key that can be used to authenticate with the cluster nodes over SSH. Encrypted SSH keys are not supported.

SSH to your DC/OS cluster on Unix/Linux (OS X, Ubuntu, etc)

  1. Change the permissions on the .pem file to owner read/write by using the chmod command.

    Important: Your .pem file must be located in the ~/.ssh directory.

    $ chmod 600 <private-key>.pem
    
  2. SSH into the cluster.
    1. From your terminal, add your new configuration to the .pem file, where <private-key> is your .pem file.
      $ ssh-add ~/.ssh/<private-key>.pem
      Identity added: /Users/<yourdir>/.ssh/<private-key>.pem (/Users/<yourdir>/.ssh/<private-key>.pem)
      
    • To SSH to a master node:
      1. From the DC/OS CLI, enter the following command:
        $ dcos node ssh --master-proxy --leader
        

        Tip: The default user is core for CoreOS. If you are using CentOS, enter:

        $ dcos node ssh --master-proxy --leader --user=centos
        
    • To SSH to an agent node:
      1. From the DC/OS CLI, enter the following command, where <mesos-id> is your agent ID.
        $ dcos node ssh --master-proxy --mesos-id=<mesos-id>
        

        Tip: To find the agent ID, select the Nodes tab in the DC/OS web interface and click Details.

SSH to your DC/OS cluster on Windows

Requirements:

  • PuTTY SSH client or equivalent (These instructions assume you are using PuTTY, but almost any SSH client will work.)
  • PuTTYgen RSA and DSA key generation utility
  • Pageant SSH authentication agent

To install these programs, download the Windows installer from the official PuTTY download page.

  1. Convert the .pem file type to .ppk by using PuTTYgen:
    1. Open PuTTYgen, select File > Load Private Key, and choose your .pem file.

    2. Select SSH-2 RSA as the key type, click Save private key, then choose the name and location to save your new .ppk key.

    3. Close PuTTYgen.

  2. SSH into the cluster.

    • To SSH to a master node:
      1. From the DC/OS web interface, copy the IP address of the master node. It will be the IP address that you used to connect to the GUI.

      2. Open PuTTY and enter the master node IP address in the Host Name (or IP address) field.

      3. In the Category pane on the left side of the PuTTY window, choose Connection > SSH > Auth, click Browse, locate and select your .ppk file, then click Open.

      4. Login as user “core” if you’re running CoreOS. The default user on CentOS is “centos”.

    • To SSH to an agent node

      Prerequisite: You must be logged out of your master node.

      1. Enable agent forwarding in PuTTY.

        Caution: SSH agent forwarding has security implications. Only add servers that you trust and that you intend to use with agent forwarding. For more information on agent forwarding, see Using SSH agent forwarding.

        1. Open PuTTY. In the Category pane on the left side of the PuTTY window, choose Connection > SSH > Auth and check the Allow agent forwarding box.

        2. Click the Browse button and locate the .ppk file that you created previously using PuTTYgen.

      2. Add the .ppk file to Pageant.

        1. Open Pageant. If the Pageant window does not appear, look for the Pageant icon in the notification area in the lower right area of the screen next to the clock and double-click it to open Pageant’s main window.

        2. Click the Add Key button.

        3. Locate the .ppk file that you created using PuTTYgen and click Open to add your key to Pageant.

        4. Click the Close button to close the Pageant window.

      3. SSH into the master node.

        1. From the DC/OS web interface, copy the IP address of the master node. The IP address is displayed beneath your cluster name.

        2. In the Category pane on the left side of the PuTTY window, choose Session and enter the master node IP address in the Host Name (or IP address) field.

        3. Login as user “core” if you’re running CoreOS. The default user on CentOS is “centos”.

      4. From the master node, SSH into the agent node.

        1. From the Mesos web interface, copy the agent node hostname. You can find hostnames on the Frameworks (<master-node-IPaddress>/mesos/#/frameworks) or Slaves page (<master-node-IPaddress>/mesos/#/slaves).

        2. SSH into the agent node as the user core with the agent node hostname specified:

          ssh core@<agent-node-hostname>