Passwords Starting Tigernet
There two main categories of terminals that you should know about: X terminals (including the workstation consoles) and Macintoshes.
X terminals predominate in the Theory Division. These offer a windowing environment where the windows are controlled by the workstations or supercomputers.
Macintoshes allow connection to the Unix Cluster as a smart terminal running VersaTerm or NCSA Telnet. Macintoshes running VersaTerm are the main way in which users connect to the Unix cluster from home.
The principle ways of logging into one of the computers here at PPPL include:
scp are "secure" replacements for rsh,
rlogin, and rcp. You may wish to use them because:
The following is a quick how-to. For more information see the man pages, ssh(1), xssh(1), sshd(8), slogin(1), scp(1), ssh-keygen(1), ssh-agent(1),ssh-add(1).
INITIAL SET UP
Enter file in which to save the key (~/.ssh/identity): [RETURN]
Enter passphrase: [ENTER A GOOD PASS PHRASE TO PROTECT THE PRIVATE KEY]
Enter the same passphrase again: [DITTO]...
This creates a private+public key pair in ~/.ssh/identity and ~/.ssh/identity.pub. The first file is protected by (a) Unix permissions, and (b) your pass phrase. The second file only needs to be protected against writing by anyone except you.
cp ~/.ssh/identity.pub ~/.ssh/authorized_keys
chmod 755 ~/.ssh
and use FTP to transfer the local copy of `
eval `ssh-agent -s`
ssh-add < /dev/null
eval `ssh-agent -c`
ssh-add < /dev/null
depending on whether your `
.xsession' is a /bin/sh or /bin/csh script. Look
at the first line to find out.
At the end (after the invocation of the window manager), put
.xsession' may then look like:
eval `ssh-agent -s` # ADDITION
ssh-add < /dev/null # ADDITION
xterm -ls -T `hostname` -n `hostname` -geo 80x50+105+5 &
kill $SSH_AGENT_PID # ADDITION
u12345' is your NERSC user name. (This step means that you won't have
to supply a `
-l u12345' argument to ssh.) If you want to use compression
on certain connections, this can be configured here too.
ONCE PER X SESSION
When you start an X session on your X terminal, the ssh-add command in
.xsession' will pop up a window for you to enter your pass phrase.
xssh -auth ssh a.nersc.gov
xssh is a ssh-capable replacement for xrsh. You will need to ensure that your PATH on a.nersc.gov is set in .cshrc and that it included the directory with xterm lives. For that reason, I suggest you move
if ( -e /etc/cshrc.nersc ) then
~/.login' to the end of `
On a.nersc.gov, if you do
you will see it set to something like `
a:4.0'. This is a special display
setting used by ssh for encrypting your X traffic. Incidentally the
encryption is only in effect between NERSC and the machine you ran xssh on.
The traffic between this machine and your X terminal is still unencrypted.
With this invocation, the X traffic is not encrypted. You may wish to insert these xssh commands into your .twmrc as follows
"draco" !"xssh draco"
"a.nersc.gov" !"xssh -auth ssh a.nersc.gov"...
The AFS patches are available at
[In fact, most of the functionality of ssh is available even if it's not installed by a system administrator.]
If you have a Linux x86 machine, you can install a pre-compiled version with
rpm --install ftp://ftp.pcuf.fi/linux/security/ssh-1.2.20-2.i386.rpm