Changes between Version 18 and Version 19 of User Guide/Remote Access/SSH

Timestamp:

May 19, 2020, 9:06:49 PM (5 years ago)

Author:

msherman

Comment:

—

User Guide/Remote Access/SSH

@@ -1 +1 @@
 [[Include(WikiToC)]]
-=== SSH
-==== Configuring SSH Keys ==== #ConfiguringSSHKeys
+=== Configuring SSH Keys === #ConfiguringSSHKeys
 
 SSH access to [wiki:/Architecture/Domains COSMOS domains] requires the use of public key authentication. If you try to connect using the username and password that you use for accessing the scheduler and status pages, you will receive the following message:
@@ -32 +31 @@
 }}}
 
-===== Generating keys
+==== Generating keys
  Each distribution has their own location for the specific generation tools. These instructions are based on the  documentation for Ubuntu ([https://help.ubuntu.com/community/SSH/OpenSSH/Keys located here]). 
 
@@ -53 +52 @@
 
 [[BR]]
-===== Uploading your public key to your COSMOS account
+==== Uploading your public key to your COSMOS account
  To upload you public key to your cosmos account, do the following:
  1. Go to [https://wiki.cosmos-lab.org/cPanel/accountManagement/adminAuthKeys Profile] and sign in with your COSMOS username and password
@@ -74 +73 @@
 
 [[BR]]
-===== Configuring your SSH client
+==== Configuring your SSH client
   Under normal circumstances, as long as the private key file is located in the /home/your_username/.ssh/ folder, the command line SSH client will use the correct key when connecting.
  To test your setup, open a command-line terminal and (replacing ''your_cosmos_username'' with your own COSMOS username) type:
@@ -85 +84 @@
 
 [[BR]]
-===== Common issues and how to solve them
+==== Common issues and how to solve them
  * If you receive a message like the following:
 {{{#!shell-session
@@ -110 +109 @@
 These instructions assume that you are using [https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html PuTTY] as your SSH client.
 
-===== Generating keys
+==== Generating keys
  In PuTTY, the key generation is handled by a separate program named ''puttygen.exe''. If you installed PuTTY via the installer, there should be an icon for PuTTYgen in your Start menu, otherwise [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html download it from here].
 
@@ -146 +145 @@
 
 [[BR]]
-===== Uploading your public key to you COSMOS account
+==== Uploading your public key to you COSMOS account
  ''NOTE: Internet Explorer is not supported for Control Panel operations (including key upload)''
 
@@ -169 +168 @@
 
 [[BR]]
-===== Configuring your SSH client
+==== Configuring your SSH client
 
  1. Open PuTTY.
@@ -204 +203 @@
 
 [[BR]]
-===== Common issues and how to solve them
+==== Common issues and how to solve them
  * If you receive a message like the following:
  {{{
@@ -227 +226 @@
 Mac OS has a native command line ssh client that can be used to remotely log into consoles. From the Finder select Applications -> Utilities -> Terminal to open a command line terminal.
 
-===== Generating keys
+==== Generating keys
 Generate the public and private keys using the following command
 {{{
@@ -260 +259 @@
 
 [[BR]]
-===== Uploading your public key to you COSMOS account
+==== Uploading your public key to you COSMOS account
  To upload you public key to your cosmos account, do the following:
  1. Go to [https://wiki.cosmos-lab.org/cPanel/accountManagement/adminAuthKeys Profile] and sign in with your COSMOS username and password
@@ -281 +280 @@
 
 [[BR]]
-===== Configuring your SSH client
+==== Configuring your SSH client
  Under normal circumstances, as long as the private key file is located in the /Users/your_username/.ssh/ folder, the command line SSH client will use the correct key when connecting.
 
@@ -294 +293 @@
 
 [[BR]]
-===== Common issues and how to solve them
+==== Common issues and how to solve them
  * TODO
 [[CollapsibleEnd]]
 
-[[BR]]
-
-==== SSH Tunneling
-
-A common need is to connect to some resource on the testbed as if it were local. SSH provides this functionality. Go to the [wiki:tutorials/ssh_tunnel Configuring SSH Tunnels tutorial] to learn how to configure these.
-  
-
-==== Common SSH issues
-===== If you deleted the "@internal1" key from your profile
-
-As long as you have at least one public key configured in your profile, use your SSH client to connect to {{{gw.orbit-lab.org}}} and run the following commands there. You do not need to make a reservation in the scheduler for this.
-
-{{{
-rm ~/.ssh/id_rsa
-rm ~/.ssh/id_rsa.pub
-ssh-keygen -t rsa -C "@internal1"
-}}}
-
-Press 'Enter' at every prompt so that the default filename (id_rsa) and no password is used.
-
-Then type the following command:
-
-{{{
-cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
-}}}
-
-The internal key should now be restored.
-
-
-===== Common ssh options for nodes
-
-We'd like to do a few things for convenience:
-
-1. log into nodes as root by default
-1. allow forwarding of X11 applications
-1. Suppress annoying host key warnings
-
-First, log into any console, or gw.orbit-lab.org
-
-After logging in, create or modify the file at {{{~/.ssh/config}}}
-
-Add the following to the file
-
-{{{
-Host sdr?-md* sdr?-s?-lg* srv?-co* srv?-lg* node?-* node??-*
-  User root
-  UserKnownHostsFile /dev/null
-  StrictHostKeyChecking no
-  ForwardX11 yes
-}}}
-
-* Host: The Host line matches common naming conventions for nodes within the testbed
-* User: root is set to match the common default for baseline
-* !UserKnownHostsFile: is set to /dev/null to prevent saving new host keys for nodes
-* !StrictHostKeyChecking: disables the warning message. SSH complains when host keys for a dns name change. This is a useful security feature, but is inconvenient within the testbed, where the operating system on a trusted machine changes frequently. Do not set it as a wildcard default for public endpoints, or you will be vulnerable to spoofing or man in the middle attacks.
-* ForwardX11: allows the forwarding of graphical applications running the X11 protocol from a node back to your machine
-
-
-
-
-
+
+
+