| | 1 | [[Include(WikiToC)]] |
| | 2 | ==== SSH Tunneling |
| | 3 | |
| | 4 | A common need is to connect to some resource on the testbed as if it were local. SSH provides this functionality. Go to the [wiki:tutorials/ssh_tunnel Configuring SSH Tunnels tutorial] to learn how to configure these. |
| | 5 | |
| | 6 | |
| | 7 | ==== Common SSH issues |
| | 8 | ===== If you deleted the "@internal1" key from your profile |
| | 9 | |
| | 10 | As long as you have at least one public key configured in your profile, use your SSH client to connect to {{{gw.orbit-lab.org}}} and run the following commands there. You do not need to make a reservation in the scheduler for this. |
| | 11 | |
| | 12 | {{{ |
| | 13 | rm ~/.ssh/id_rsa |
| | 14 | rm ~/.ssh/id_rsa.pub |
| | 15 | ssh-keygen -t rsa -C "@internal1" |
| | 16 | }}} |
| | 17 | |
| | 18 | Press 'Enter' at every prompt so that the default filename (id_rsa) and no passphrase are used. |
| | 19 | |
| | 20 | Then type the following command: |
| | 21 | |
| | 22 | {{{ |
| | 23 | cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys |
| | 24 | }}} |
| | 25 | |
| | 26 | The internal key should now be restored. |
| | 27 | |
| | 28 | |
| | 29 | ===== Common ssh options for nodes |
| | 30 | |
| | 31 | We'd like to do a few things for convenience: |
| | 32 | |
| | 33 | 1. log into nodes as root by default |
| | 34 | 1. allow forwarding of X11 applications |
| | 35 | 1. suppress annoying host key warnings |
| | 36 | |
| | 37 | First, log into any console, or gw.orbit-lab.org. |
| | 38 | |
| | 39 | After logging in, create or modify the file at {{{~/.ssh/config}}}. |
| | 40 | |
| | 41 | Add the following to the file: |
| | 42 | |
| | 43 | {{{ |
| | 44 | Host sdr?-md* sdr?-s?-lg* srv?-co* srv?-lg* node?-* node??-* |
| | 45 | User root |
| | 46 | UserKnownHostsFile /dev/null |
| | 47 | StrictHostKeyChecking no |
| | 48 | ForwardX11 yes |
| | 49 | }}} |
| | 50 | |
| | 51 | * Host: The Host line matches common naming conventions for nodes within the testbed |
| | 52 | * User: root is set to match the common default for baseline |
| | 53 | * !UserKnownHostsFile: is set to /dev/null to prevent saving new host keys for nodes |
| | 54 | * !StrictHostKeyChecking: disables the host key warning. SSH complains when the host key for a DNS name changes. This is a useful security feature, but it is inconvenient within the testbed, where the operating system on a trusted machine changes frequently. Do not set it as a wildcard default for public endpoints, or you will be vulnerable to spoofing or man-in-the-middle attacks. |
| | 55 | * ForwardX11: allows the forwarding of graphical applications running the X11 protocol from a node back to your machine |
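
To confirm that the Host patterns above switch off host key checking only for testbed node names and not for public endpoints, the following sketch evaluates a config file the way ssh_config(5) describes. It is an added example, not part of the original wiki page; the function names `host_matches` and `hostkey_check_disabled` and the sample host names are assumptions made for illustration.

```shell
# Added example (not from the ORBIT wiki); helper names are hypothetical.
# Follows ssh_config(5): Host patterns use * and ?, a matching !pattern
# excludes the block, and the first value obtained for an option wins.
# Limitations: ignores Match/Include, quoted values and Key=Value syntax.
host_matches() {  # host_matches HOST PATTERN...
    _h=$1; shift; _hit=1
    for _p in "$@"; do
        case $_p in
            \!*) case $_h in ${_p#\!}) return 1 ;; esac ;;
            *)   case $_h in $_p) _hit=0 ;; esac ;;
        esac
    done
    return "$_hit"
}

# Prints the effective settings for HOST; status 0 = host key checking is off.
hostkey_check_disabled() {  # hostkey_check_disabled HOST FILE
    _host=$1; _file=$2; _active=0; _strict=; _known=
    while read -r _key _val; do
        case $_key in ''|\#*) continue ;; esac
        _key=$(printf '%s' "$_key" | tr 'A-Z' 'a-z')
        if [ "$_key" = host ]; then
            set -f; set -- $_val; set +f      # split patterns without globbing
            if host_matches "$_host" "$@"; then _active=0; else _active=1; fi
            continue
        fi
        [ "$_active" -eq 0 ] || continue      # option belongs to a non-matching block
        case $_key in
            stricthostkeychecking) : "${_strict:=$_val}" ;;
            userknownhostsfile)    : "${_known:=$_val}" ;;
        esac
    done < "$_file"
    echo "$_host: StrictHostKeyChecking=${_strict:-default} UserKnownHostsFile=${_known:-default}"
    case $_strict in no|off) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: the block from this page, written to a temp file.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
Host sdr?-md* sdr?-s?-lg* srv?-co* srv?-lg* node?-* node??-*
User root
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ForwardX11 yes
EOF
for h in node1-1 sdr2-md1 gw.orbit-lab.org example.com; do
    hostkey_check_disabled "$h" "$sample_cfg" || true
done
```

Run it against your own `~/.ssh/config` with a public host name as the first argument; a zero exit status there means a pattern is broader than intended.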