User Onboarding

This guide covers the complete process of onboarding new users to our server infrastructure, from initial setup to first login.

Prerequisites

VPN Access

Before you can access the servers, you must be connected to the VPN.

Important: You need to set up VPN access first. Follow the instructions at: Northeastern VPN Setup Guide

Once VPN is configured and connected, proceed with the steps below.

Step 1: Generate SSH Key Pair

Each user needs to generate an SSH key pair on their local machine. The public key will be shared with the developer team for server access setup.

For macOS Users

Open Terminal (Applications → Utilities → Terminal)
Check if SSH key already exists:
```
ls -la ~/.ssh
```
If you see files like id_rsa and id_rsa.pub, you may already have a key pair. You can either use the existing one or generate a new one.
Generate a new SSH key pair:
```
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```
- When prompted, press Enter to accept the default file location (~/.ssh/id_rsa)
- Optionally, enter a passphrase for extra security (recommended)
- Confirm the passphrase if you entered one
Display your public key:
```
cat ~/.ssh/id_rsa.pub
```
Copy the entire output (it starts with ssh-rsa and ends with your email).
Share the public key with the developer team (via email, Slack, or your preferred communication channel).

For Windows Users

Option A: Using PowerShell (Windows 10/11)

Open PowerShell (Right-click Start → Windows PowerShell or search for PowerShell)
Check if SSH key already exists:
```
ls ~/.ssh
```
If you see files like id_rsa and id_rsa.pub, you may already have a key pair.
Generate a new SSH key pair:
```
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```
- When prompted, press Enter to accept the default file location (C:\Users\YourUsername\.ssh\id_rsa)
- Optionally, enter a passphrase for extra security (recommended)
- Confirm the passphrase if you entered one
Display your public key:
```
cat ~/.ssh/id_rsa.pub
```
Copy the entire output (it starts with ssh-rsa and ends with your email).
Share the public key with the developer team.

Option B: Using Git Bash (Alternative)

If you have Git for Windows installed:

Open Git Bash

Generate SSH key:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Display public key:
```
cat ~/.ssh/id_rsa.pub
```
Share the public key with the developer team.

Step 2: Developer Setup (Server-Side)

After receiving the user's public SSH key, a developer needs to set up the user account on the server. Follow these steps:

Prerequisites for Developer

SSH access to the target server
Sudo privileges on the server

Setup Commands

Replace test_user with the actual username (e.g., ra_user, john_doe, etc.)

SSH into the server:
```
ssh developer@<server_ip>
```
Create the user account:
```
sudo adduser test_user
```
- Follow the prompts to set a password (this will be used for sudo operations)
- Fill in user information as needed
Create SSH directory:
```
sudo mkdir -p /home/test_user/.ssh
```
Set proper permissions on .ssh directory:
```
sudo chmod 700 /home/test_user/.ssh
```
Add the public key to authorized_keys:
```
sudo nano /home/test_user/.ssh/authorized_keys
```
- Paste the user's public SSH key (the one they shared)
- Save and exit (Ctrl+X, then Y, then Enter)

Set proper permissions on authorized_keys:

sudo chmod 600 /home/test_user/.ssh/authorized_keys

Change ownership of .ssh directory:

sudo chown -R test_user:test_user /home/test_user/.ssh

Add user to docker group (if Docker access is needed):
```
sudo usermod -aG docker test_user
```

Adding User to Groups

To add a user to additional groups, use the following command:

sudo usermod -aG <group_name> test_user

Common Groups:

Group	Purpose
`docker`	Allows running Docker commands without sudo
`sudo`	Grants sudo privileges to the user
`www-data`	Web server access (for Apache/Nginx)

Add user to multiple groups at once:

sudo usermod -aG docker,sudo test_user

View user's current groups:

groups test_user

Note: The user needs to log out and log back in for group changes to take effect.

Verification

The developer should verify the setup by testing SSH access (if possible) or confirming the file permissions:

ls -la /home/test_user/.ssh

Expected output should show:

.ssh directory with permissions drwx------
authorized_keys file with permissions -rw-------
Both owned by test_user:test_user

Once the developer has completed the server setup, you can connect to the server using SSH.

Important: Make sure you are connected to the VPN before attempting to connect.

ssh test_user@<server_ip>

Example:

ssh ra_user@129.10.156.97

On first connection, you'll be prompted to verify the server's fingerprint. Type yes to continue.

SSH Tunnel for LLM Model Access

If you need to access an LLM model running on the server from your local machine, use SSH port forwarding:

ssh -L <local_port>:localhost:<server_port> test_user@<server_ip>

Example:

ssh -L 8000:localhost:8000 ra_user@129.10.156.97

This command:

Creates a tunnel from your local port 8000 to the server's port 8000
After connecting, you can access the LLM service at http://localhost:8000 on your local machine
Replace 8000 with the actual port number if different

Troubleshooting

Connection Refused

Check VPN connection: Ensure you're connected to the VPN
Verify server IP: Confirm the server IP address with the developer
Check firewall: Contact the infrastructure team if firewall rules might be blocking access

Permission Denied (publickey)

Verify public key: Ensure the developer added the correct public key
Check key file: Make sure you're using the correct private key
Key permissions: On macOS/Linux, ensure your private key has correct permissions:
```
chmod 600 ~/.ssh/id_rsa
```

SSH Key Not Found

Specify key explicitly:

ssh -i ~/.ssh/id_rsa test_user@<server_ip>

Port Already in Use (SSH Tunnel)

If you get an error that the local port is already in use:

Use a different port:

ssh -L 8001:localhost:8000 test_user@<server_ip>

Find and kill the process using the port (macOS/Linux):
```
lsof -ti:8000 | xargs kill -9
```

Next Steps

After successfully logging in:

Verify Docker access (if applicable):
```
docker ps
```
Check your home directory:
```
ls -la ~
```
Read the A6000 Server Guide for working with LLMs on the A6000 server
Read the Blackwell Server Guide for working with LLMs on the Blackwell server

Support

If you encounter any issues during onboarding, contact the development team or infrastructure support.

Prerequisites​

VPN Access​

Step 1: Generate SSH Key Pair​

For macOS Users​

For Windows Users​

Option A: Using PowerShell (Windows 10/11)​

Option B: Using Git Bash (Alternative)​

Step 2: Developer Setup (Server-Side)​

Prerequisites for Developer​

Setup Commands​

Adding User to Groups​

Verification​

Step 3: User Login Instructions​

General Server Login​

SSH Tunnel for LLM Model Access​

Troubleshooting​

Connection Refused​

Permission Denied (publickey)​

SSH Key Not Found​

Port Already in Use (SSH Tunnel)​

Next Steps​

Support​