Skip to content

Changes

Page history
Update Annexe GRICAD/howto ssh authored by Jean-Luc Parouty's avatar Jean-Luc Parouty
Show whitespace changes
Inline Side-by-side
Annexe-GRICAD/howto-ssh.md 0 → 100644
View page @ c7ea8f4a
[<img width="800px" src="https://gricad-gitlab.univ-grenoble-alpes.fr/talks/fidle/raw/master/fidle/img/00-Fidle-header-01.svg"></img>](#)
## Configuring SSH for GRICAD / Jupyter
Here is a procedure to happily configure your SSH environment in only 6 steps in order to access GRICAD's clusters.
## Step 0 - Create an account for Gricad using PERSEUS web portal
You should have already received an email given you your Perseus login/passwd to be used during the training sessions.
But for further use, you can create an account and join/create a project on Perseus/Gricad. To do so, check [https://perseus.ujf-grenoble.fr/](https://perseus.ujf-grenoble.fr/)
## Step 1 - Generate yours ssh keys
If you don't already have SSH keys, create one with a nice password :
```
# ssh-keygen
```
## Step 2 - ssh-agent configuration
To avoid having to enter your ssh password all the time, we will use the ssh-agent service.
Try :
```
# ssh-add
```
If an error occurs, add this lines in your .bash_profile and restart your session :
```
# pgrep ssh-agent >/dev/null || ssh-agent -s > ~/.ssh_agent
# . ~/.ssh_agent
# ssh-add -l >/dev/null || ssh-add
```
## Step 3 - Allow your access to the bastions
The bastions are :
- access-ciment.imag.fr alias rotule.imag.fr
- access-ciment.ujf-grenoble.fr alias trinity.ujf-grenoble.fr
\<perseus_login\> is your PERSEUS login (to access GRICAD resources), the password requested is your PERSEUS password.
```
# ssh-copy-id <perseus_login>@rotule.imag.fr
```
and
```
# ssh-copy-id <perseus_login>@trinity.ujf-grenoble.fr
```
To verify, these two commands must now work :
```
# ssh <perseus_login>@rotule.imag.fr hostname
rotule
# ssh <perseus_login>@trinity.ujf-grenoble.fr hostname
trinity
```
If it works, launch one of these commands to retrieve your uid on rotule or trinity : you will need the output result later
```
# ssh <perseus_login>@rotule.imag.fr id -u
# ssh <perseus_login>@trinity.ujf-grenoble.fr id -u
```
## Step 4 - Configuring access through bastions
Modify (or create if it doesn't exist) your **.ssh/config** file, with :
```
ForwardAgent yes
Host *.ciment
User <perseus_login>
ProxyCommand ssh -q <perseus_login>@access-rr-ciment.imag.fr "nc -w 60 `basename %h .ciment` %p"
LocalForward 8889 f-dahu:<your perseus_uid>
LocalForward 6007 f-dahu:<your perseus_uid + 10000>
```
Where :
- \<perseus_login\> is your PERSEUS login
- \<your perseus_uid\> is your uid on rotule or trinity
- \<your perseus_uid + 10000\> is your uid + 10000 (if uid=6500, that makes 16500)
## Step 5 - Drink a coffee
You've earned it, but courage, it's almost over !
## Step 6 - Allow your access to the frontal
As before, the password requested is your PERSEUS password.
```
# ssh-copy-id f-dahu.ciment
# ssh-copy-id luke.ciment
```
**Fine !** Normally, you can now access the cluster frontal directly - securely and simply - without having to re-enter your password 18 times. :-)
**Check it:**
```
# ssh f-dahu.ciment
(...you are on f-dahu...)
```
If that doesn't work, drink another coffee and check your steps... ;-|
----
[<img width="80px" src="https://gricad-gitlab.univ-grenoble-alpes.fr/talks/fidle/raw/master/fidle/img/00-Fidle-logo-01.svg"></img>](#)
\ No newline at end of file