Version 1 (modified by ros, 3 months ago)

SSH setup for submission of UM suites/UMUI jobs from PUMA to ARCHER2

1. Set up PUMA environment

If this is the first time you have used your PUMA account, you will need to create a .profile. Copy our standard one:

puma$ cd ~
puma$ cp ~um/um-training/setup/.profile .

(If you already have a .profile, make sure it includes the lines from the standard file.)

2. Generate the authentication key for use with Rose/Cylc suites

Run the following command to generate your archerum ssh key.

puma$ ssh-keygen -t rsa -b 4096 -C "me@somewhere.ac.uk" -f ~/.ssh/id_rsa_archerum

When prompted to "Enter passphrase", choose a fairly complicated and unguessable passphrase. You can use spaces in the passphrase if it helps you to remember it more readily. It is recommended that you do not use your password as the passphrase, in case it is compromised.

Your archerum key will be automatically picked up and sent to ARCHER2 to install. It may take up to 48 hours to become activated on ARCHER2.

IMPORTANT:

  • DO NOT use an empty passphrase as this presents a security issue.
  • DO NOT regenerate your archerum ssh-key once you have a working one in place, unless absolutely necessary.
  • It may take up to 48 hours for your new key to be installed on ARCHER2.

3. Update ssh config file

In your PUMA ~/.ssh/config file add the following section:

Host login.archer2.ac.uk
User <archer2_username>
IdentityFile ~/.ssh/id_rsa_archerum
ForwardX11 no
ForwardX11Trusted no

Replace <archer2_username> with your ARCHER2 username.

4. Set up ssh-agent

Setting up ssh-agent allows caching of your archerum key passphrase for a period of time.

puma$ cp ~um/um-training/setup/ssh-setup ~/.ssh

Log out of PUMA and then back in again.

Add your archerum key to your ssh-agent by running:

puma$ ssh-add ~/.ssh/id_rsa_archerum
Enter passphrase for /home/<puma-username>/.ssh/id_rsa_archerum:
[TYPE_YOUR_PASSPHRASE]

You will be prompted for your passphrase.

The ssh agent should keep running even when you log out of PUMA; however, it may stop from time to time, for example if PUMA is rebooted.

5. Verify the setup is correct

Note: Only proceed to this step once your archerum key has been installed on ARCHER2.

Try logging into ARCHER2 with:

puma$ ssh login.archer2.ac.uk

You should not be prompted for your passphrase. The response from ARCHER2 should be similar to:

--------------------------------------------------------------------------------
This is a private computing facility. Access to this service is limited to those
who have been granted access by the operating service provider on behalf of the
contracting authority and use is restricted to the purposes for which access was
granted. All access and usage are governed by the terms and conditions of access
agreed to by all registered users and are thus subject to the provisions of the
Computer Misuse Act, 1990 under which unauthorised use is a criminal offence.
If you are not authorised to use this service you must disconnect immediately.
--------------------------------------------------------------------------------
PTY allocation request failed on channel 0
Comand rejected by policy. Not in authorised list
Connection to login.archer.ac.uk closed.

6. Specify login.archer2.ac.uk as the ARCHER2 host

All Rose suites must submit to login.archer2.ac.uk. Specify login.archer2.ac.uk as the host in the appropriate .rc file (suite.rc or archer2.rc). For example:

host = login.archer2.ac.uk
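
As an added example (not part of the original wiki page), the shell functions below check that the ~/.ssh/config stanza from step 3 is in place before suites rely on it in steps 5 and 6. The function names are hypothetical, and the check assumes the stanza names the host literally and separates keywords from values with whitespace.

```shell
#!/bin/sh
# Added example: checks the ~/.ssh/config stanza from step 3.
# Function names are hypothetical; host, key name and options are from the page.
# Assumptions: the stanza names the host literally (no wildcards or Match
# blocks) and uses whitespace, not "=", between keyword and value.

# Print the first value of KEYWORD inside the "Host HOST" stanza of CONFIG.
stanza_value() {  # usage: stanza_value CONFIG HOST KEYWORD
    awk -v host="$2" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || $0 == "" { next }
        { kw = tolower($1) }
        kw == "host" || kw == "match" {
            inside = 0
            if (kw == "host")
                for (i = 2; i <= NF; i++) if ($i == host) inside = 1
            next
        }
        inside && kw == tolower(key) { print $2; exit }
    ' "$1"
}

# Return 0 only if the stanza matches step 3; otherwise list each problem.
check_archer2_config() {  # usage: check_archer2_config CONFIG
    rc=0; h=login.archer2.ac.uk
    case "$(stanza_value "$1" "$h" User)" in
        ''|*'<'*) echo "User missing or placeholder not replaced"; rc=1 ;;
    esac
    case "$(stanza_value "$1" "$h" IdentityFile)" in
        */id_rsa_archerum) ;;
        *) echo "IdentityFile is not id_rsa_archerum"; rc=1 ;;
    esac
    for opt in ForwardX11 ForwardX11Trusted; do
        [ "$(stanza_value "$1" "$h" "$opt")" = no ] ||
            { echo "$opt is not set to no"; rc=1; }
    done
    return $rc
}

# Constructed sample: the placeholder was left in and X11 forwarding is on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host login.archer2.ac.uk
User <archer2_username>
IdentityFile ~/.ssh/id_rsa_archerum
ForwardX11 yes
EOF
check_archer2_config "$sample" || echo "config needs fixing"
rm -f "$sample"
```

To check your own file on PUMA, call check_archer2_config ~/.ssh/config; it prints nothing and returns 0 when the stanza matches step 3.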