Passing SSH key


I am launching dataproc cluster from using the Hailctl and i am not able to connect via ssh. This is due to the firewall restriction. Is there a way to pass ssh key when launching data proc via hailctl. ?

Hey @jerome-f !

hailctl dataproc cluster start will pass any unrecognized arguments along to gcloud dataproc create.

That said, if you’re having firewall issues, I don’t think an SSH key will fix the problem.

Thanks Danking,
So I am not able to connect/launch the notebook even though I am on the same network, or form a vm in the same instance. I dont know how to specify the cluster to inherit same firewall rules as the vm instance.

`Existing host keys found in /home/XXX/.ssh/google_compute_known_hosts`
`ssh: connect to host port 22: Connection timed out` `Recommendation: To check for possible causes of SSH connectivity issues and get`

@jerome-f, I think you need to specify --network to place the cluster in the network which has the desired firewall rules?

The gcloud man page describes that flag and a few related ones:

          Specifies a list of tags to apply to the instance. These tags allow
          network firewall rules and routes to be applied to specified VM
          instances. See gcloud compute firewall-rules create(1) for more

          To read more about configuring network tags, read this guide:

          To list instances with their respective status and tags, run:

              $ gcloud compute instances list \

          To list instances tagged with a specific tag, tag1, run:

              $ gcloud compute instances list --filter='tags:tag1'

       At most one of these may be specified:

            The Compute Engine network that the VM instances of the cluster
            will be part of. This is mutually exclusive with --subnet. If
            neither is specified, this defaults to the "default" network.

            Specifies the subnet that the cluster will be part of. This is
            mutally exclusive with --network.

Hi Danking,

The Dataproc instance is on the network behind the firewall. I could ssh into using my ssh key file. I might have to launch jupyter lab from within the cluster trying to use hailctl dataproc connect notebook.

Ah, @jerome-f , I think I understand what you’re trying to do. Unfortunately, hailctl dataproc connect does not pass through unrecognized arguments to gcloud dataproc. I’ve marked this as a feature request. In the meantime, you can use --dry-run to see the command we use. You can modify this command as necessary. In particular, I think you just need to add --ssh-key-file=path/to/your/key

(base) # hailctl dataproc connect --dry-run dk notebook
gcloud command:
compute ssh dking@dk-m --zone=us-central1-b \
    '--ssh-flag=-D 10000' \
    '--ssh-flag=-N' \
    '--ssh-flag=-f' \

Here’s a PR to add the pass through functionality you need. [hailctl] allow passthrough arguments to dataproc connect by danking · Pull Request #11710 · hail-is/hail · GitHub

Thanks for the reply Danking.

@danking I am not sure if this would be useful for everyone. But the current behavior of data proc create is to launch a Debian boot disk. My org does not like user to create custom images and requires to us to pick one of the hardened images pre provisioned (for data security etc. ) . hail dataproc create can have support to user specifying image with --image= (it is working now as pass through but --image-version is set so throws an error)

1 Like