Changes between Version 40 and Version 41 of HowTo/LoginToNodes


Ignore:
Timestamp:
08/21/12 16:25:06 (12 years ago)
Author:
nriga@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • HowTo/LoginToNodes

    v40 v41  
    11[[PageOutline]]
    2 This page describes how to login to hosts that you have reserved through the GENI AM API.
     2This page describes how to login to hosts that you have reserved through the GENI AM API. For any comments please contact us at [mailto:help@geni.net].
    33
    44= Login to GENI hosts =
     
    5252
    5353==== Other tools ====
    54 If you used another tool to reserve your resources, then you should figure out how to get the output of the sliverstatus command. If you can't figure this out please send us an [mailto:help@geni.net email] and let us which tool you used to reserve your resources.
     54If you used another tool to reserve your resources, then you should figure out how to get the output of the sliverstatus command. If you can't figure this out please send us an [mailto:help@geni.net email] and let us which tool you used.
    5555
    5656== Get a copy of your ssh key ==
    57 When you reserve your resources, the tool that you use for the reservation also installs one or more public keys on the hosts so that you can get ssh access to the compute resources. In order to ssh to the machines you will need to get a copy of the private ssh key that correspond to the installed public keys. As before how to get a copy of the needed ssh key depends on the specific tool.
     57When you reserve your resources, the tool that you use for the reservation also installs one or more public keys on the hosts so that you can get ssh access. In order to ssh to the machines you will need to get a copy of the private ssh key that correspond to the installed public keys. As before, how to get a copy of the needed ssh key depends on the specific tool.
    5858
    5959==== Using Flack ====
     
    6969If you made your reservation with Omni then you will need to access the host where your Omni is installed to get a copy of your SSH Key. If you use the host that has Omni installed to ssh to your nodes then you skip to  [wiki:HowTo/LoginToNodes#OmniReadyToLoginScript this section]. If you just want to get a copy of your private key and use it for logging into your nodes from another host, then you should :
    7070  1. Login to the host where you have Omni installed
    71   2. Open your omni configuration file. For most users this file is located at ~/.gcf/omni_config. Also when you run any command with omni, it prints the location of the configuration file towards the top.
     71  2. Open your omni configuration file. For most users this file is located at ~/.gcf/omni_config. '''Tip''': When you run any command with omni, it prints the location of the configuration file towards the top.
    7272  3. In the omni_config file there should be a section about your user that has an attribute called `keys', that has a list of all the public keys that are installed in the nodes. Usually in the same directory as the public keys there are also the private keys (a private key usually has the same name as the public key but without the '.pub' extension.
    73   4. Copy the private key over to your host, either by using [http://en.wikipedia.org/wiki/Secure_copy scp] or any other file transfer protocol. You can also just copy-paste the contents of the file.
     73  4. Copy the private key over to your host, either by using [http://en.wikipedia.org/wiki/Secure_copy scp] or any other file transfer program. You can also just copy-paste the contents of the file.
    7474
    7575==== Other tools ====
     
    8181
    8282====  Linux/Mac OS/Windows Cygwin ====
    83 In a Linux or a Mac host do the following :
     83Follow these steps:
    8484  1. Open a terminal
    8585  2. Ensure that your private key has the right permissions. Type :
     
    9393
    9494==== Windows Putty ====
    95 If you are using putty on a windows machine then follow these steps:
     95If you are using putty on a windows machin, follow these steps:
    9696   1. Convert your private key to the format that putty is expecting to. To do this use the puttygen program. For more information look [https://apps.state.or.us/tech/htdocs/putty/Chapter8.html#8.2.12 here]
    97    2. Create a new session that uses the username, hostname and port that you have gathered. Also under the authentication menu make sure you point the key field to the key that you generated in putty format.
     97   2. Create a new session that uses the username, hostname and port that you have gathered. Under the authentication menu make sure you point the key field to the key that you generated with puttygen.
    9898
    9999== Omni !ReadyToLogin Script ==
     
    128128window you can omit the 'xterm -e' part.
    129129
     130
    130131= Troubleshoot/Useful tips =
    131 === I am trying to login to the hosts and I am prompted for a password ===
    132 When you trying to login to GENI hosts you should only be prompted for your ssh passphrase. If you are prompted for a password then there is
    133 something wrong. Things you can try:
    134    * '''change the permissions of your private key''' .  If while trying to login you get a warning that says :
     132=== I am trying to login to the hosts and I am prompted for a password. ===
     133When you are trying to login to GENI hosts you should only be prompted for your ssh passphrase. If you are prompted for a password then there is
     134something wrong. Things that might be wrong:
     135   * '''the permissions of your private key''' .  If while trying to login you get a warning that says :
    135136    {{{
    136137@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
     
    147148If you have tried everything but you still can't login, email us at [mailto:help@geni.net].
    148149
     150=== My GENI host is behind a firewall. ===
     151Some hosts in GENI are behind a firewall. In most cases where nodes are behind a firewall, there is one or more machines that are accessible from the public internet that can be used as "stepping stones" to access these machines, i.e. you should login to them first and then login to the hosts that are behind the firewall. Currently in GENI the two most common cases of nodes that are behind a firewall are:
     152   * '''Wide Area ProtoGENI hosts in Internet 2 !PoPs''' : Any node in Utah can be used as a "stepping stone". If your slice doesn't already have a host in Utah, then you should add a VM in Utah that you will use for this purpose.
     153   * '''Mesoscale hosts in some campuses''': If you are using nodes in [wiki:TangoGENI Mesoscale] that are behind a firewall, you can use ops.pgeni.gpolab.bbn.com as a "stepping stone". You can login to ops.pgeni.gpolab.bbn.com using the your pgeni credentials file as your private key.
     154Once you have determined which host you will use as your stepping stone (pub_host from now on)  to get to the host behind the firewall(priv_host from now on), you have several options:
     155 1. '''Recommended''' Use the `-A` ssh option to enable forwarding of the authentication agent. So try :
     156    {{{
     157ssh -A <username>@<pub_host>
     158}}}
     159      Then from <pub_host> you can ssh to the private host without the need to upload your private key to <pub_host>.
     160    {{{
     161user@<pub_host>$> ssh <username>@<priva_host>
     162}}}
     163 2. If the above option does not work then you can try using [https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding ssh port forwarding] to get to your host. The main idea is that you will forward a local port on the client to go through the connection to <pub_host> and from there to ssh to <priv_host>. If you want to do this in command line then first login to the public host:
     164 {{{
     165ssh -L <local port>:<priv_host>:22 <username>@<pub_host>
     166}}}
     167 
     168   Then on a different terminal, try logging to the private host through the local port :
     169 {{{
     170ssh -i <private key> <username>@localhost -p <local port>
     171}}}
     172
     173   You can also modify the ssh configuration file to that effect. This way it is easier to port-forward multiple firewalled hosts by adding the following lines in the file :
     174 {{{
     175Host <pub_host_alias>
     176  Hostname <pub_host>
     177  LocalForward <local port1> <priv_host_1>:22
     178  LocalForward <local port2> <priv_host_2>:22
     179  user <username>
     180
     181Host <priv_host_alias_1>
     182  Hostname localhost
     183  port <local port1>
     184  user <username>
     185
     186Host <priv_host_alias_2>
     187  Hostname localhost
     188  port <local port2>
     189  user <username>
     190}}}
     191   Then on one terminal do :
     192 {{{
     193ssh <pub_host_alias>
     194}}}
     195
     196   And on another terminal:
     197 {{{
     198ssh <priv_host_alias_1>
     199}}}
     200
    149201=== Managing SSH Keys ===
    150202
     
    154206<table border="0">
    155207     <tr>
    156   <td>  Depending on which type of OS You are using, there are ways to make the management of ssh keys and pathphrases simpler. In most linux systems there is a program called <a href='http://en.wikipedia.org/wiki/Ssh-agent'> ssh-agent</a> that runs automatically when you login and can help you manage your ssh keys so that you don't have to type your passphrase every time you login.     
     208  <td>  Depending on which type of OS You are using, there are ways to make the management of ssh keys and pathphrases simpler. In most linux systems there is a program called <a href='http://en.wikipedia.org/wiki/Ssh-agent'> ssh-agent</a> that runs automatically when you login and can help you manage your ssh keys so that you don't have to type your passphrase every time you use it.     
    157209<ul>
    158  <li> <b> Mac OS </b>  If you are on OSX Leopard or later, ssh-agent runs automatically for you. It will also integrate with the <a href='http://en.wikipedia.org/wiki/Keychain_(Mac_OS)'> Keychain</a> that is a program for managing identities, passwords, etc. The first time that you use your private key to login to a machine, a keychain window will pop-up offering to store your passphrase, if you want to avoid the hustle of typing in your passphrase every time you want to login you should click on that option. </li>
     210 <li> <b> Mac OS </b>  If you are on OSX Leopard or later, ssh-agent runs automatically for you. It also integrates `ssh-agent` with the <a href='http://en.wikipedia.org/wiki/Keychain_(Mac_OS)'> Keychain</a> that is a program for managing identities, passwords, etc. The first time that you use your private key to login to a machine, a keychain window will pop-up offering to store your passphrase, if you want to avoid the hustle of typing in your passphrase every time you want to login you should click on that option. </li>
    159211 <li> <b>Linux systems</b> : : In most other Linux systems  ssh-agent  should be automatically started for you. If you want to test whether ssh-agent` runs for you try typing on a terminal: <code>ssh-add</code>. If it is running then you can execute the following command:</li>
    160212</ul>
     
    173225
    174226=== Simplify the ssh command ===
    175 If you don't want to always specify the '-i' command when you try to login to your hosts, then you can modify your ssh config file to use your key by default. The default location for your ssh configuration file is at  `~/.ssh/config`. For more information on the ssh configuration files use `man ssh_config`. If you want to setup your configuration so that it affects only your current hosts then you can add these lines to your configuration file for each host :
     227If you don't want to always specify the '-i' command when you try to login to your hosts, then you can modify your ssh config file to use your key by default. The default location for your ssh configuration file is at  `~/.ssh/config`. For more information on the ssh configuration files use `man ssh_config`. If you want to setup your configuration so that it affects only your GENI hosts then you can add these lines to your configuration file for each host :
    176228
    177229{{{
     
    184236
    185237Now you can simply run `ssh <your_alias>`, where <your_alias> can be any nickname you choose.
    186 
    187 === Logging in to host behind firewalls ===
    188 Some hosts in GENI are behind a firewall. In most cases where nodes are behind a firewall, there is one or more machines that are accessible from the public internet that can be used as "stepping stones" to access these machines, i.e. you should login to them first and then login to the hosts that are behind the firewall. Currently in GENI the two most common cases of nodes that are behind a firewall are:
    189    * '''Wide Area ProtoGENI hosts in Internet 2 PoPs''' : Any node in Utah can be used as a "stepping stone". If you slice doesn't have a host in Utah, then you should add a VM in Utah that you will use for this purpose.
    190    * '''Mesoscale hosts in some campuses''': If you are using nodes in [wiki:TangoGeni Mesoscale] that are behind a firewall, you can use ops.pgeni.gpolab.bbn.com as a "stepping stone". You can login to ops.pgeni.gpolab.bbn.com using the your pgeni credentials file as your private key.
    191 Once you have determined with host you will use as your stepping stone (pub_host from now on)  to get to the host behind the firewall(priv_host from now on), you have several options:
    192  1. '''Recommended''' Use the `-A` ssh option to enable forwarding of the authentication agent. So try :
    193     {{{
    194 ssh -A <username>@<pub_host>
    195 }}}
    196       Then from <pub_host> you can ssh to the private host without the need to upload your private key to <pub_host>.
    197     {{{
    198 user@<pub_host>$> ssh <username>@<priva_host>
    199 }}}
    200  2. If the above option does not work then you can try using [https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding ssh port forwarding] to get to your host. The main idea is that you will forward a local port on the client to go through the connection to <pub_host> and from there to ssh to <priv_host>. If you want to do this in command line then first login to the public host:
    201  {{{
    202 ssh -L <local port>:<priv_host>:22 <username>@<pub_host>
    203 }}}
    204  
    205    Then on a different terminal, try logging to the private host through the local port :
    206  {{{
    207 ssh -i <private key> <username>@localhost -p <local port>
    208 }}}
    209 
    210    You can also modify the ssh configuration file to that effect. This way it is easier to port-forward multiple firewalled hosts by adding the following lines in the file :
    211  {{{
    212 Host <pub_host_alias>
    213   Hostname <pub_host>
    214   LocalForward <local port1> <priv_host_1>:22
    215   LocalForward <local port2> <priv_host_2>:22
    216   user <username>
    217 
    218 Host <priv_host_alias_1>
    219   Hostname localhost
    220   port <local port1>
    221   user <username>
    222 
    223 Host <priv_host_alias_2>
    224   Hostname localhost
    225   port <local port2>
    226   user <username>
    227 }}}
    228    Then on one terminal do :
    229  {{{
    230 ssh <pub_host_alias>
    231 }}}
    232 
    233    And on another terminal:
    234  {{{
    235 ssh <priv_host_alias_1>
    236 }}}