wiki:HowTo/LoginToNodes

Version 31 (modified by nriga@bbn.com, 12 years ago) (diff)

--

This page describes how to login to hosts that you have reserved through the GENI AM API.

Login to GENI hosts

Omni Client
   
When you reserve nodes through the [http://groups.geni.net/geni/wiki/GeniApi GENI AM API], you can login to your nodes using ssh . You get access to reserved hosts only through ssh keys. This page will give you some useful tips about how to login to your nodes. In order to login to your nodes you need the following things:
  1. an ssh client
  2. your login name, hostname and port
  3. your ssh key
   

SSH Client

Depending on which OS you are using there are different ssh client options.

Linux/Mac OS

All linux and Mac distributions come with a built-in ssh client, just open a Terminal and type ssh, you should get the usage for the ssh command.

Windows OS

There are multiple windows ssh clients. A list of some popular ones can be found here. Some commonly used options are:

  • Cygwin: a complete Linux-type environment that also includes an ssh client. If you have already installed cygwin on your host then you should just run it and follow the instructions for Linux for the rest of the instructions
  • Putty: a lightweight free ssh client. Note: If you are using Putty you will also need to download puttygen to convert your private key to putty's format.

Get your Login, Host names and ports

In order to figure out your login name the best way is to use the status command of the GENI AM API. Depending of which tool you used to reserve the resources you can get this information in different ways.

Using Flack

If you are using Flack for building your experiment then in order to get the login name you need to load your slice in Flack and press on the (i) icon that is next to the node. . On the top of the information window it has a field that says Username, and Hostname. In the end of the host name there will be `:<port number>', e.g. 'pcwf171.emulab.net:22'. This is the port number you should use. Note: If you are on a Mac computer then you can directly use the 'SSH' button that is on the top on the information pane for the host.

Using Omni

If you are using Omni, then you can run the sliverstatus command and get back a text output. If you search within that output you should find a field about the hostname and one about the login. If you are trying to ssh to your hosts from the same machine that you used to reserve your hosts then you can use a script that comes with Omni and you can directly skip to this section.

Other tools

If you used another tool to reserve your resources, then you should figure out how to get the output of the sliverstatus command. If you can't figure this out please send us an email and let us which tool you used to reserve your resources.

Get a copy of your ssh key

When you reserve your resources, the tool that you use for the reservation also installs one or more public keys on the hosts so that you can get ssh access to the compute resources. In order to ssh to the machines you will need to get a copy of the private ssh key that correspond to the installed public keys. As before how to get a copy of the needed ssh key depends on the specific tool.

Using Flack

Flack has a list of ssh keys that it uploads to nodes during the reservation. After you login to flack, on the left pane there should be a button with your login name. If you click on that you will get a window that has different tabs. One of the tabs says SSH Keys.

In the information that will appear on the left pane there should be a private key. Press to the Save to File option and save it in your computer.

Note: If you are on a Mac computer then you can directly use the 'SSH' button that is on the top on the information pane for the host.

Using Omni

If you made your reservation with Omni then you will need to access the host where your Omni is installed to get a copy of your SSH Key. If you use the host that has Omni installed to ssh to your nodes then you skip to this section. If you just want to get a copy of your private key and use it for logging into your nodes from another host, then you should :

  1. Login to the host where you have Omni installed
  2. Open your omni configuration file. For most users this file is located at ~/.gcf/omni_config. Also when you run any command with omni, it prints the location of the configuration file towards the top.
  3. In the omni_config file there should be a section about your user that has an attribute called `keys', that has a list of all the public keys that are installed in the nodes. Usually in the same directory as the public keys there are also the private keys (a private key usually has the same name as the public key but without the '.pub' extension.
  4. Copy the private key over to your host, either by using scp or any other file transfer protocol. You can also just copy-paste the contents of the file.

Other tools

Any tool that uses the GENI AM API to reserve resources, provides the public keys to the AM to be installed on the compute resources. If you can't figure out which keys the tool you used installed on the hosts, please send an email to help@geni.net telling us which tool you used and we will be happy to help.

Logging in

Now that you have gathered all the different elements you are ready to login to your nodes.

Linux/Mac OS/Windows Cygwin

In a Linux or a Mac host do the following :

  1. Open a terminal
  2. Ensure that your private key has the right permissions. Type :
       chmod 700 <private_key_file>
    
  3. Run ssh and enter your passphrase when prompted. Note: If you are prompted for a password then something went wrong. Make sure that all the information is correct.
        ssh -i <private key location> <username>@hostname -p <port>
    

Windows Putty

If you are using putty on a windows machine then follow these steps:

  1. Convert your private key to the format that putty is expecting to. To do this use the puttygen program. For more information look here
  2. Create a new session that uses the username, hostname and port that you have gathered. Also under the authentication menu make sure you point the key field to the key that you generated in putty format.

Omni ReadyToLogin Script

If you are trying to login to the hosts from the machine where you have Omni installed, then you can use the readyToLogin.py script that comes with Omni to give you the exact command you need to run. To do this follow these steps:

  1. Modify your PYTHONPATH to include the omni src directory
        export PYTHONPATH=$PYTHONPATH:<path_to_gcf_directory>/src
    
  2. The readyToLogin.py script uses the same arguments as Omni. You will need to provide the script the same input as the input you would provide to the sliverstatus command. While at the gcf directory run:
       readyToLogin -a <AM_URL> <slicename>
    

In the end of the output there should be information about the ssh commands:

           nriga@pella:~/gcf$ ./examples/readyToLogin.py websrv -a pg-utah
           <MISSING OUTPUT>
================================================================================
Aggregate [https://www.emulab.net/protogeni/xmlrpc/am] has a ProtoGENI sliver.


pc522.emulab.net's geni_status is: changing
Login using:
	xterm -e ssh -i /home/nriga/.ssh/geni_key inki@pc522.emulab.net -p 32570 &

pcwf171.emulab.net's geni_status is: ready
Login using:
	xterm -e ssh -i /home/nriga/.ssh/geni_key inki@pcwf171.emulab.net &

================================================================================

You can directly copy and paste the commands to your terminal and execute them. If you don't want the ssh to be opened in a new window you can omit the 'xterm -e' part.

Troubleshoot/Useful tips

I am trying to login to the hosts and I am prompted for a password

When you trying to login to GENI hosts you should only be prompted for your ssh passphrase. If you are prompted for a password then there is something wrong. Things you can try:

  • change the permissions of your private key . If while trying to login you get a warning that says :
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    
    Then you have a permission problem, try running:
    chmod 600 <private_key_location>
    
  • wrong username : if you are using a wrong username you won't be able to login to the hosts, make sure that you get the right username especially if you are using planetlab resources
  • wrong port : make sure you use the right port when trying to login, especially if you are using VMs in ProtoGENI.
  • your sliver is not ready yet : make sure that the status of your liver is ready before you try to login. If you are using PlanetLab nodes then you might have to wait up to 30 minutes before your nodes are configured.

If you have tried everything but you still can't login, email us at help@geni.net.

Managing SSH Keys

Depending on which type of OS You are using, there are ways to make the management of ssh keys and pathphrases simpler. Mac OS comes build in with a program called Keychain that is a program for managing identities, passwords, etc.

Simplify the ssh command

If you don't want to always specify the '-i' command when you try to login to your hosts, then you can modify your ssh config file to use your key by default. The default location for your ssh configuration file is at ~/.ssh/config. For more information on the ssh configuration files use man ssh_config. If you want to setup your configuration so that it affects only your current hosts then you can add these lines to your configuration file for each host :

Host <your_alias>
     Port <port>
     HostName <hostname>
     User <username>
     IdentityFile <private_key_location>

Now you can simply run ssh <your_alias>, where <your_alias> can be any nickname you choose. In this

This way requires you to add an entry for each host you have, given that the hosts that you reserve each time won't necessarily be the same, this process might end up being tedious and create a very big configuration file. Another way is to add your IdentityFile as a global parameter so it is used as an authentication method when trying to login to any host. Add these lines on the top of your ssh configuration file:

IdentityFile ~/.ssh/id_rsa
IdentityFile <private_key_location>

The downside with this approach is that now this change affects your authorization to all nodes, not only GENI ones.

Attachments (7)

Download all attachments as: .zip