Introduction to the Unix Cluster. Node: Accessing


2.4: Accessing the Computers

There are two main categories of terminals that you should know about: X terminals (including the workstation consoles) and Macintoshes.

X terminals predominate in the Theory Division. These offer a windowing environment where the windows are controlled by the workstations or supercomputers.

Macintoshes allow connection to the Unix Cluster as a smart terminal running VersaTerm or NCSA Telnet. Macintoshes running VersaTerm are the main way in which users connect to the Unix cluster from home.

The principal ways of logging into one of the computers here at PPPL include:

  1. Logging in directly via the console and/or through xdm (X Display Manager)
  2. Through the command xrsh from another computer
  3. Through the commands telnet or rlogin from an `Internet' computer
  4. Through a networked Mac
  5. Through dialing into a terminal server via a modem
  • xdm: Direct Login and Xdm
  • xrsh: xrsh and the Display Variable
  • telnet and rlogin
  • Macs
  • Dial-Up

2.5: Ssh, Slogin, Scp

    ssh, slogin, and scp are "secure" replacements for rsh, rlogin, and rcp. You may wish to use them because:

    The following is a quick how-to. For more information see the man pages, ssh(1), xssh(1), sshd(8), slogin(1), scp(1), ssh-keygen(1), ssh-agent(1), ssh-add(1).

    INITIAL SET UP

    1. Run ssh-keygen as follows
        $ ssh-keygen
        ...
        Enter file in which to save the key (~/.ssh/identity): [RETURN]
        Enter passphrase: [ENTER A GOOD PASS PHRASE TO PROTECT THE PRIVATE KEY]
        Enter the same passphrase again: [DITTO]
        ...
      

      This creates a private+public key pair in ~/.ssh/identity and ~/.ssh/identity.pub. The first file is protected by (a) Unix permissions, and (b) your pass phrase. The second file only needs to be protected against writing by anyone except you.

    2. Create ~/.ssh/authorized_keys:

      cp ~/.ssh/identity.pub ~/.ssh/authorized_keys

    3. Create ~/.ssh/authorized_keys on any remote systems you want to access. E.g., on a.nersc.gov
         mkdir ~/.ssh
         chmod 755 ~/.ssh
      

      and use FTP to transfer the local copy of `~/.ssh/authorized_keys' to a.nersc.gov.

    4. Near the beginning of your `~/.xsession', put
        eval `ssh-agent -s`
        ssh-add < /dev/null
      OR
        eval `ssh-agent -c`
        ssh-add < /dev/null
      

      depending on whether your `.xsession' is a /bin/sh or /bin/csh script. Look at the first line to find out.

      At the end (after the invocation of the window manager), put

      kill $SSH_AGENT_PID

      Your `.xsession' may then look like:

        #! /bin/sh
        . /etc/env.default
      
        eval `ssh-agent -s`                # ADDITION
        ssh-add < /dev/null                # ADDITION
      
        xrdb $HOME/.Xresources
        ...
        xterm -ls -T `hostname` -n `hostname` -geo 80x50+105+5 &
        twm
      
        kill $SSH_AGENT_PID                # ADDITION
      
    5. [OPTIONAL] Create a file
        ~/.ssh/config
      

      containing

        Host *.nersc.gov
        User u12345
      

      where `u12345' is your NERSC user name. (This step means that you won't have to supply a `-l u12345' argument to ssh.) If you want to use compression on certain connections, this can be configured here too.
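
The permission rules from step 1, as a check to run once the setup is done. This is an added example, not part of the original how-to: the function names are hypothetical, applying the no-write rule to the directory and to authorized_keys is an assumption beyond what step 1 states, and demo uses a constructed throwaway directory.

```shell
#!/bin/sh
# Added example (not from the original how-to): audit the files from steps 1-3.
# Function names are hypothetical; the two rules follow the text of step 1.

# Print the 10-character mode string of a path, e.g. "-rw-------".
mode_of() {
    ls -ldL "$1" | cut -c1-10
}

# check PATH RULE
#   private: no group/other access at all (the private key)
#   nowrite: no group/other write (directory, public key, authorized_keys)
# Prints a finding and returns 1 on failure; a missing path is skipped.
check() {
    [ -e "$1" ] || return 0
    m=$(mode_of "$1")
    case "$2:$m" in
        private:????------) return 0 ;;
        nowrite:?????-??-?) return 0 ;;
    esac
    echo "FAIL ($2) $m $1"
    return 1
}

# audit_ssh_dir DIR: returns the number of findings (0 = clean).
audit_ssh_dir() {
    d=$1; bad=0
    check "$d" nowrite                 || bad=$((bad + 1))
    check "$d/identity" private        || bad=$((bad + 1))
    check "$d/identity.pub" nowrite    || bad=$((bad + 1))
    check "$d/authorized_keys" nowrite || bad=$((bad + 1))
    return "$bad"
}

# Constructed sample: a throwaway directory with one deliberately loose file.
demo() {
    t=$(mktemp -d) || return 99
    chmod 755 "$t"                                  # mode used in step 3
    : > "$t/identity";        chmod 600 "$t/identity"
    : > "$t/identity.pub";    chmod 644 "$t/identity.pub"
    : > "$t/authorized_keys"; chmod 666 "$t/authorized_keys"  # wrong on purpose
    audit_ssh_dir "$t"; rc=$?
    rm -rf "$t"
    return "$rc"
}

# Check your own directory; prints nothing when it is clean.
audit_ssh_dir "$HOME/.ssh" || echo "$? finding(s) in $HOME/.ssh"
```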

    ONCE PER X SESSION

    When you start an X session on your X terminal, the ssh-add command in `.xsession' will pop up a window for you to enter your pass phrase.

    TYPICAL INVOCATIONS

    1. To get a window on a.nersc.gov, do
          xssh -auth ssh a.nersc.gov
      

      xssh is an ssh-capable replacement for xrsh. You will need to ensure that your PATH on a.nersc.gov is set in .cshrc and that it includes the directory where xterm lives. For that reason, I suggest you move

        if ( -e /etc/cshrc.nersc ) then
                source /etc/cshrc.nersc
        endif
      

      from `~/.login' to the end of `~/.cshrc'.

      On a.nersc.gov, if you do

        echo $DISPLAY
      

      you will see it set to something like `a:4.0'. This is a special display setting used by ssh for encrypting your X traffic. Incidentally, the encryption is only in effect between NERSC and the machine you ran xssh on. The traffic between this machine and your X terminal is still unencrypted.

    2. To start a window on another machine in the Unix Cluster with your AFS tokens carried over:
        xssh lupus
      

      With this invocation, the X traffic is not encrypted. You may wish to insert these xssh commands into your .twmrc as follows

        menu "Programs"
        {
        "Machines"      f.title
        ...
        "draco"         !"xssh draco"
        "a.nersc.gov"   !"xssh -auth ssh a.nersc.gov"
        ...
        }
      
    3. Accessing the Unix Cluster from off-site. This requires installation of ssh on the remote machine. You should ask the system administrator for that machine to do this. In addition, if your site has AFS, ask for the AFS patches to ssh to be made. The main site for ssh is

      http://www.cs.hut.fi/ssh

      The AFS patches are available at

      http://www-personal.umich.edu/~dugsong/ssh-afs-kerberos.html

      [In fact, most of the functionality of ssh is available even if it's not installed by a system administrator.]

      If you have a Linux x86 machine, you can install a pre-compiled version with

        rpm --install ftp://ftp.pcuf.fi/linux/security/ssh-1.2.20-2.i386.rpm
      