Introduction to the Unix Cluster. Node: Accessing

PREV Passwords UP Starting NEXT Tigernet

2.4: Accessing the Computers

There two main categories of terminals that you should know about: X terminals (including the workstation consoles) and Macintoshes.

X terminals predominate in the Theory Division. These offer a windowing environment where the windows are controlled by the workstations or supercomputers.

Macintoshes allow connection to the Unix Cluster as a smart terminal running VersaTerm or NCSA Telnet. Macintoshes running VersaTerm are the main way in which users connect to the Unix cluster from home.

The principle ways of logging into one of the computers here at PPPL include:

  1. Logging in directly via the console and/or through xdm (X Display Manager)
  2. Through the command xrsh from another computer
  3. Through the commands telnet or rlogin from an `Internet' computer
  4. Through a networked Mac
  5. Through dialing into a terminal server via a modem
  • xdm Direct Login and Xdm
  • xrsh xrsh and the Display Variable
  • telnet and rlogin telnet and rlogin
  • Macs Macs
  • Dial-up Dial-Up
  • 2.5: Ssh, Slogin, Scp

    ssh,slogin, and scp are "secure" replacements for rsh, rlogin, and rcp. You may wish to use them because:

    The following is a quick how-to. For more information see the man pages, ssh(1), xssh(1), sshd(8), slogin(1), scp(1), ssh-keygen(1), ssh-agent(1),ssh-add(1).


    1. Run ssh-keygen as follows
        $ ssh-keygen
        Enter file in which to save the key (~/.ssh/identity): [RETURN]
        Enter the same passphrase again: [DITTO]

      This creates a private+public key pair in ~/.ssh/identity and ~/.ssh/ The first file is protected by (a) Unix permissions, and (b) your pass phrase. The second file only needs to be protected against writing by anyone except you.

    2. Create ~/.ssh/authorized_keys:

      cp ~/.ssh/ ~/.ssh/authorized_keys

    3. Create ~/.ssh/authorized_keys on any remote systems you want to access. E.g., on
         mkdir ~/.ssh
         chmod 755 ~/.ssh

      and use FTP to transfer the local copy of `~/.ssh/authorized_keys' to

    4. Near the beginning of your `~/.xsession', put
        eval `ssh-agent -s`
        ssh-add < /dev/null
        eval `ssh-agent -c`
        ssh-add < /dev/null

      depending on whether your `.xsession' is a /bin/sh or /bin/csh script. Look at the first line to find out.

      At the end (after the invocation of the window manager), put

      kill $SSH_AGENT_PID.

      Your `.xsession' may then look like:

        #! /bin/sh
        . /etc/env.default
        eval `ssh-agent -s`                # ADDITION
        ssh-add < /dev/null                # ADDITION
        xrdb $HOME/.Xresources
        xterm -ls -T `hostname` -n `hostname` -geo 80x50+105+5 &
        kill $SSH_AGENT_PID                # ADDITION
    5. [OPTIONAL] Create a file


        Host *
        User u12345

      where `u12345' is your NERSC user name. (This step means that you won't have to supply a `-l u12345' argument to ssh.) If you want to use compression on certain connections, this can be configured here too.


    When you start an X session on your X terminal, the ssh-add command in `.xsession' will pop up a window for you to enter your pass phrase.


    1. To get a window on, do
          xssh -auth ssh

      xssh is a ssh-capable replacement for xrsh. You will need to ensure that your PATH on is set in .cshrc and that it included the directory with xterm lives. For that reason, I suggest you move

        if ( -e /etc/cshrc.nersc ) then
                source /etc/cshrc.nersc

      from `~/.login' to the end of `~/.cshrc'.

      On, if you do

        echo $DISPLAY

      you will see it set to something like `a:4.0'. This is a special display setting used by ssh for encrypting your X traffic. Incidentally the encryption is only in effect between NERSC and the machine you ran xssh on. The traffic between this machine and your X terminal is still unencrypted.

    2. To start a window on another machine in the Unix Cluster with your AFS tokens carried over:
        xssh lupus

      With this invocation, the X traffic is not encrypted. You may wish to insert these xssh commands into your .twmrc as follows

        menu "Programs"
        "Machines"      f.title
        "draco"         !"xssh draco"
        ""   !"xssh -auth ssh"
    3. Accessing the Unix Cluster from off-site. This requires installation of ssh on the remote machine. You should ask the system administrator for that machine to do this. In addition, if your site has AFS, ask for the AFS patches to ssh to be made. The main site for ssh is

      The AFS patches are available at

      [In fact, most of the functionality of ssh is available even if it's not installed by a system administrator.]

      If you have a Linux x86 machine, you can install a pre-compiled version with

        rpm --install
    PREV Passwords UP Starting NEXT Tigernet