Changes between Version 11 and Version 12 of ArcherSshAgent


Timestamp: 17/08/20 15:01:18 (7 months ago)
Author: ros
  • ArcherSshAgent

    v11 v12  
    11= SSH setup for PUMA to Archer =  
    2  
    3 '''Please Note:''' If you already have ssh keys set up on PUMA, follow the instructions at the bottom of the page: [#exisitingAgent Using an existing ssh agent].  
    42 
    53== 1. Set up PUMA environment ==  
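Review bot: Removing the "Please Note" at old line 3 leaves the page with no guidance for users who already have ssh keys and an agent on PUMA, and the `Using an existing ssh agent` section it linked to is also removed further down. Add a sentence near the top saying whether those users should still run every step, in particular the `cp ~um/um-training/setup/ssh-setup ~/.ssh` in step 4, since the old `ls ~/.ssh` listing shows an `ssh-setup` file may already be present in their `.ssh` directory.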
     
    1210(If you already have a .profile, make sure it includes the lines from the standard file.) 
    1311 
    14 == 2. Generate the authentication key on PUMA and install it on ARCHER ==  
     12== 2. Generate the authentication key for use with !Rose/Cylc suites ==  
    1513 
    16 Run the install-ssh-keys script. This will take you through ssh-key creation and copy the key over to ARCHER. 
    17  
     14Run the following command to generate your archerum ssh key.  
    1815{{{ 
    19 puma$ source ~um/um-training/install-ssh-keys <archer-username>@login.archer.ac.uk 
     16puma$ ssh-keygen -t rsa -b 4096 -C "me@somewhere.ac.uk" -f ~/.ssh/id_rsa_archerum 
    2017}}} 
    2118 
    2219When prompted to "Enter passphrase", this should be a fairly complicated and unguessable passphrase. You can use spaces in the passphrase if it helps you to remember it more readily. It is recommended that you don’t use your password in case it is hacked. 
    2320 
    24 '''Warning''': '''DO NOT''' use an empty passphrase as this presents a security issue. 
     21'''Important''': '''DO NOT''' use an empty passphrase as this presents a security issue. 
    2522 
    26 After generating your ssh-key, the script will copy it over to ARCHER. 
     23== 3. Update ssh config file == 
    2724 
    28 When prompted for "Password", enter your ACRHER password. 
    29  
    30 == 3. Verify the authentication works ==  
    31  
     25In your PUMA `~/.ssh/config` file add the following section: 
    3226{{{ 
    33 puma$ ssh <archer-user-name>@login.archer.ac.uk 
    34 Enter passphrase for key '/home/<puma-username>/.ssh/id_rsa': 
    35 [TYPE_YOUR_PASSPHRASE] 
     27Host login7.archer.ac.uk 
     28User <archer_username> 
     29IdentityFile ~/.ssh/id_rsa_archerum 
     30ForwardX11 no 
     31ForwardX11Trusted no 
     32Setup ssh-agent 
    3633}}} 
    3734 
    38 If you don’t get asked for your Passphrase, then something has gone wrong. In this case, make sure the public key, was successfully copied over to ARCHER by logging into ARCHER and opening the file {{{~/.ssh/authorized_keys}}}. It should contain something similar to: 
     35== 4. Set up ssh-agent == 
    3936 
     37Setting up ssh-agent will allow you to cache your archerum key passphrase for a period of time. 
    4038{{{ 
    41 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt1JmHYgsuf0UWVLqNqnDSaUUP2xJ+Um0H5WnUt/i 
    42 2mxhlBrwOtvVWRjnzo5EcylZJs/Cg5JVe4UR6toqNXbZG1RXscLQnQoPAvzFoWLzfP7Q3lrzeC1S 
    43 kM2FWfWC38ga3Svs6fm63/I7WmJy+4D8BWWaXj/9yM1OskFj6yfWItr150rwwNauOQbWJhl7I/Kk 
    44 fhVPBvZ9vHiAK4cjUMQ9fFS1dij3GSBmOfu2RuMgNNg9y1MLSzEk2242F4tOg7paTk7wwUZ+ZLqR 
    45 BtT2aREnjIGI7KvACBZD1y40tXXPIZw9m2Dl0dK7mFQ2/YFWh2/NAmkFMXzDOmkg0biq1m+QKw== 
    46 ros@puma 
     39puma$ cp ~um/um-training/setup/ssh-setup ~/.ssh 
    4740}}} 
    4841 
     42Logout of PUMA and then back in again. 
    4943 
    50 If it doesn’t, and no errors were reported from the {{{install-ssh-keys script}}}, please [wiki:ContactUs contact the CMS team]. 
    51  
    52 Once you have this part working, log out of ARCHER. 
    53  
    54 == 4. Start up ssh-agent == 
    55  
    56 Run the following command and type your passphrase: 
    57  
     44Add your archerum key to your ssh-agent by running: 
    5845{{{ 
    59 puma$ ssh-add 
     46puma$ ssh-add ~/.ssh/id_rsa_archerum 
    6047Enter passphrase for /home/<puma-username>/.ssh/id_rsa: 
    6148[TYPE_YOUR_PASSPHRASE] 
    6249}}} 
    6350 
    64 You may need to do this every time a new agent is started. The ssh agent should keep running even when you log out of puma, however it may stop from time to time, for example if PUMA is rebooted.  
     51You will be prompted for your passphrase. 
    6552 
    66 == 5. Checks this works by ssh-ing into ARCHER ==  
     53The ssh agent should keep running even when you log out of puma, however it may stop from time to time, for example if PUMA is rebooted.  
    6754 
    68 You should now be able to ssh from PUMA to ARCHER without a password or passphrase.  
     55== 5. Verify the setup is correct == 
    6956 
    70 ---- 
     57Try logging into ARCHER with: 
     58{{{ 
     59puma$ ssh login7.archer.ac.uk 
     60}}} 
     61You should not be prompted for your passphrase. The response from ARCHER should be: 
     62{{{ 
     63-------------------------------------------------------------------------------- 
     64This is a private computing facility. Access to this service is limited to those 
     65who have been granted access by the operating service provider on behalf of the 
     66contracting authority and use is restricted to the purposes for which access was 
     67granted. All access and usage are governed by the terms and conditions of access 
     68agreed to by all registered users and are thus subject to the provisions of the 
     69Computer Misuse Act, 1990 under which unauthorised use is a criminal offence. 
     70If you are not authorised to use this service you must disconnect immediately. 
     71-------------------------------------------------------------------------------- 
     72PTY allocation request failed on channel 0 
     73Comand rejected by policy. Not in authorised list 
     74Connection to login7.archer.ac.uk closed. 
     75}}} 
    7176 
    72 == Using an existing ssh agent == #exisitingAgent 
     77== 6. Specify login7 as the ARCHER host == 
    7378 
    74 If you already have ssh keys and an ssh agent set up on PUMA (for example from the UM training course or for MONSooN) you can use this to connect to ARCHER.  
     79As at August 2020 this mechanism only works for `login7.archer.ac.uk`, this means that all suites must be modified to submit to this login node. 
     80Specify `login7.archer.ac.uk` as the host in the appropriate .rc file (`suite.rc` or `archer.rc`). For example; `host = login7.archer.ac.uk`. 
    7581 
    76 First you need to find the name of the public key in your `.ssh` directory:  
    77 {{{ 
    78 puma$ ls ~/.ssh 
    79 environment.puma  id_rsa  id_rsa.pub  known_hosts  ssh-setup 
    80 }}} 
    81 The public key ends with .pub and will usually be called `id_rsa.pub` or `id_dsa.pub`. 
     82You should then be able to submit suites to ARCHER. 
    8283 
    83 Now run the script to copy the key to your ARCHER account, making sure to use the correct name for your key: 
    84 {{{ 
    85 puma$ ssh-copy-id -i ~/.ssh/id_rsa.pub <archer-username>@login.archer.ac.uk 
    86 }}} 
    87 You will be prompted for your ARCHER password. 
    88  
    89 If successful, you should now be able to login to ARCHER without a password or passphrase. If not take a look at the [http://cms.ncas.ac.uk/wiki/FAQ_T4 FAQs].  
     84The submission mechanism will be rolled out to all ARCHER login nodes in the coming weeks.
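
Review bot: New line 32, `Setup ssh-agent`, sits inside the `~/.ssh/config` block in step 3 and is not an ssh_config keyword, so anyone who pastes the block as shown will have ssh reject the file with a bad configuration option error; it looks like a stray copy of the step 4 heading and should be dropped from the block. Step 2 now only generates `id_rsa_archerum` on PUMA, and with old lines 16, 26 and 85 removed nothing on the page says how the public key gets installed on ARCHER, so add that step or a pointer to it. The sample prompt at new line 47 still reads `.ssh/id_rsa` although the command at new line 46 adds `~/.ssh/id_rsa_archerum`. New line 37 says the passphrase is cached "for a period of time", but `ssh-add` at new line 46 is shown without a lifetime; state where that period is set, or show `ssh-add -t` if it is not set by the `ssh-setup` script.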