Changes between Initial Version and Version 1 of MonsoonSshAgent


Timestamp: 17/01/13 09:12:45 (8 years ago)
Author: ros

  • MonsoonSshAgent

    v1 v1  
     1 
     2= SSH Setup on MONSooN =         
     3 
     4In order to submit UM jobs to MONSooN from the UMUI on PUMA you need to have set up ssh-agent and ssh-forwarding correctly. 
     5 
     6This page attempts to describe what you need to do to setup ssh-agent. Since instructions will differ depending on your current setup; whether you already have an ssh-agent running on PUMA and if so, where it is initiated from, be that PUMA or forwarded from a localhost, we cannot cover all scenarios and offer this information as advice only. 
     7 
     8  
     9== Determining if you already have an ssh-agent running on PUMA == 
     10 
     11First we need to determine if you already have an ssh-agent running on PUMA. Login to PUMA and run the command `ssh-add -l` 
     12 
     13=== Scenario A: === 
     14{{{ 
     15puma$ ssh-add -l 
     161024 7e:c9:c1:a6:f5:71:e3:bd:d9:84:23:4c:e4:fc:f7:ea /home/ros/.ssh/id_dsa (DSA) 
     17}}} 
     18If the result is similar to the above then you already have an ssh-agent running on PUMA. Please go to the setup instructions entitled "Setting up your public key PUMA". 
     19 
     20=== Scenario B: === 
     21{{{ 
     22puma$ ssh-add -l 
     23Could not open a connection to your authentication agent. 
     24}}} 
     25Output similar to the above indicates that you do not have an ssh-agent running on PUMA. Please follow the instructions entitled "Setting up ssh-agent on PUMA". 
     26 
     27== Setting up ssh-agent on PUMA == 
     28 
     29Note: The following instructions assume that you haven't already got ssh-agent setup on PUMA. 
     30 
     31 1. Generate the authentication key on PUMA: 
     32{{{ 
     33    puma$ ssh-keygen -f ~/.ssh/id_dsa -C "‹userid›@puma.nerc.ac.uk" 
     34    Generating public/private rsa key pair. 
     35    Enter passphrase(empty for no passphrase): [TYPE_YOUR_PASSPHRASE] 
     36    Enter same passphrase again: [TYPE_YOUR_PASSPHRASE] 
     37    Your identification has been saved in ~/.ssh/id_dsa. 
     38    Your public key has been saved in ~/.ssh/id_dsa.pub. 
     39    The key fingerprint is: 
     40    md5 1024 [String of characters] ‹userid›@puma.nerc.ac.uk 
     41}}} 
     42    [TYPE-YOUR-PASSPHRASE] is a fairly complicated and unguessable passphrase. You can use spaces in the pass phrase if it helps you to remember it more readily. It is recommended that you don't use your password just in case this is hacked. 
     43 
     44 2. Add the public key to the ~/.ssh/authorized_keys file on PUMA: 
     45{{{ 
     46    puma$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys 
     47}}} 
     48 
     49 3. Run ssh-agent on PUMA: 
     50 
     51 Make the ssh-agent automatically start-up when your session runs. 
     52 
     53 Copy my setup script to `$HOME/.ssh/setup`, and ensure it has execute permission: 
     54{{{ 
     55    puma$ chmod u+x $HOME/.ssh/setup 
     56}}} 
     57 Call this script from your `.kshrc` (if you don't have a `.kshrc` file call it from your `.profile`) by adding the following line: 
     58{{{ 
     59    . $HOME/.ssh/setup 
     60}}} 
     61 
     62 4. Run the following command and type your passphrase (you may need to do this every time a new ssh-agent is started - ie. every time you re-start your local session): 
     63{{{ 
     64    puma$ ssh-add 
     65    Enter passphrase for ~/.ssh/id_dsa (‹userid›@puma.nerc.ac.uk): [Type Passphrase] 
     66}}} 
     67 
     68 5. Now complete the section entitled "Setting up ssh-forwarding" 
     69 
     70 
     71== Setting up your public key == 
     72 
     73The following instructions assume that you already have an ssh-agent running on PUMA 
     74 
     75The purpose of this section is to set up your public keys so that you don't need to supply your PUMA password during the job submission process. You need to copy your public key to the `~/.ssh/authorized_keys` file on PUMA, but which key this is, depends on how you setup the ssh-agent. 
     76 
     77Is the agent running on PUMA or has it been forwarded from a localhost (ie. the machine you logged into PUMA from)? 
     78 
     79The easiest way to determine this is to search the processes you have running on PUMA, by issuing the command: 
     80{{{ 
     81ps -flu | grep ssh-agent 
     82}}} 
     83 
     84If the search is successful, then you are running the agent on PUMA and you need to run the following command to add your PUMA public key to the `~/.ssh/authorized_keys` file on PUMA: 
     85{{{ 
     86puma$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys 
     87}}} 
     88 
     89Otherwise the ssh-agent is being forwarded from another machine. You now need to determine which machine that is, most likely to be the one you logged into PUMA from and copy the public key from that machine to the `~/.ssh/authorized_keys` file on PUMA. This can be achieved in a secure manner by running the following command: 
     90{{{ 
     91puma$ cat ~/.ssh/id_dsa.pub | ssh ‹userid›@puma.nerc.ac.uk 'mkdir -p .ssh ; cat - >> ~/.ssh/authorized_keys' 
     92}}} 
     93 
     94Note: Depending on the type of public key you have previously generated, you may find it is in a file called `~/.ssh/id_rsa.pub` rather than `id_dsa.pub` 
     95 
     96Now complete the section entitled "Setting up ssh-forwarding". 
     97 
     98== Setting up ssh-forwarding == 
     99 
     100'''On PUMA:''' 
     101 
     102If you already have the file `$HOME/.ssh/config` add the following lines to it, otherwise first create the file `$HOME/.ssh/config` and add the following lines. 
     103{{{ 
     104Host monsoon lander.monsoon-metoffice.co.uk 
     105ForwardAgent yes 
     106 
     107Host * 
     108ForwardAgent no 
     109ForwardX11 yes 
     110ForwardX11Trusted yes 
     111}}} 
     112  
     113'''On lander.monsoon-metoffice.co.uk:''' 
     114('''Note:''' This is on the lander '''NOT''' the IBM) 
     115 
     116Create, or append to, the file `$HOME/.ssh/config` the following lines. 
     117{{{ 
     118Host *.* 
     119ForwardAgent no 
     120 
     121Host * 
     122ForwardAgent yes 
     123ForwardX11 yes 
     124}}} 
     125 
     126If all has worked correctly, you should only be required to enter your MONSooN passcode once for each job you submit.
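
Review bot: At new line 91 the key-copy command is shown at a `puma$` prompt, but the paragraph before it says the key has to come from the machine the agent is forwarded from; run as written on PUMA it appends PUMA's own `id_dsa.pub` to PUMA's `authorized_keys` over ssh, so the prompt should name the local machine instead. At line 33, `ssh-keygen -f ~/.ssh/id_dsa` passes no `-t` option and the sample output reads "Generating public/private rsa key pair", so the file called `id_dsa` would hold an RSA key; pass the key type explicitly or name the file to match, and reconcile this with the `(DSA)` entry in Scenario A. At line 81, `ps -flu | grep ssh-agent` gives `-u` no user name and the grep can match its own process, so "if the search is successful" needs a statement of what a positive result looks like. In the forwarding section, the lander config turns on `ForwardAgent yes` for every host name without a dot (`Host *` after `Host *.*`) and the PUMA config sets `ForwardX11Trusted yes` under `Host *`; naming the hosts that actually need agent and X11 forwarding would narrow what a compromised intermediate host can reach. Smaller points: line 18 refers to a section "Setting up your public key PUMA" while the heading at line 71 is "Setting up your public key"; line 53 says "Copy my setup script" without linking or including it; and steps 2 and 84-86 append to `~/.ssh/authorized_keys` without saying what permissions the file and `~/.ssh` should have.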