How to connect to kongull.hpc.ntnu.no
The only way to connect to kongull.hpc.ntnu.no is by secure shell (ssh), e.g. from a UNIX system
% ssh -l username kongull.hpc.ntnu.no
If you want to display a window from Njord on your local Linux desktop, such as when you edit files with either gvim or emacs, then you must login with the -X option:
% ssh -X -l username kongull.hpc.ntnu.no
Windows users: For logging in from MS Windows machines, we recommend using the Putty or SSH Secure Shell. Both program packages can be found under \\progdist\fri in your MS Windows File browser when you are connected to the NTNU Windows domain.
Generating a SSH keypair
You may login by the use of cryptographic authentication. To do so you will need to generate a SSH keypair if not allready have done so. The keypair consist of a private and public key. You will put the public key on kongull.hpc.ntnu.no (or any other system you want to login on). The private part you keep private and on the client from which you access kongull.hpc.ntnu.no. With SSH you either generate a DSA or RSA keypair. All the following commands are run on your Linux/UNIX client.
Here is how you generate a DSA keypair:
~$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/ahomea/b/bjorn/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Passphrases do not match. Try again. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ahomea/b/bjorn/.ssh/id_dsa. Your public key has been saved in /home/ahomea/b/bjorn/.ssh/id_dsa.pub. The key fingerprint is: e5:fe:96:43:15:6a:61:e1:4a:59:83:0b:f2:03:fc:d1 bjorn@thunder.itea.ntnu.no
Here is how you generate a RSA keypair:
~$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/ahomea/b/bjorn/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Passphrases do not match. Try again. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ahomea/b/bjorn/.ssh/id_rsa. Your public key has been saved in /home/ahomea/b/bjorn/.ssh/id_rsa.pub. The key fingerprint is: d0:50:e2:f9:94:c9:19:32:33:62:51:96:16:53:90:35 bjorn@thunder.itea.ntnu.no
In your home directory you will know have a directory .ssh which contains a keypair:
% ls -l .ssh -rw------- 1 bjorn xts 736 Jan 21 15:39 id_dsa -rw-r--r-- 1 bjorn xts 618 Jan 21 15:39 id_dsa.pub or if you have made a RSA keypair: % ls -l .ssh -rw------- 1 bjorn xts 1743 Jan 21 15:35 id_rsa -rw-r--r-- 1 bjorn xts 410 Jan 21 15:35 id_rsa.pub
The file with the .pub extension contains your public key. The contents of this file (id_dsa.pub or id_rsa.pub) is transferred to .ssh/autorized_keys on the host that you want to use cryptographic authentication. The other file (id_dsa or id_rsa) contains your private key. Your private key must not be shared with anyone.
Transferring your public key to a host
You copy the file with the .pub extension to kongull.hpc.ntnu.no. The contents of the .pub file, either the id_dsa.pub or the id_rsa.pub are added to the .ssh/autorizedkeys in you home directory on kongull.hpc.ntnu.no.
bjorn@bjorn-laptop:~/.ssh$ scp id_rsa.pub kongull.hpc.ntnu.no:tmp/id_rsa.pub bjorn@kongull.hpc.ntnu.no's password: id_rsa.pub 100% 746 0.7KB/s 00:00Logon to kongull.hpc.ntnu.no and add the contents of id_rsa.pub to .ssh/authorized_keys, either by using your favourite editor, or by adding the file to authorized_keys with the cat
UNIX-command
bjorn@bjorn-laptop:~$ ssh kongull.hpc.ntnu.no bjorn@kongull.hpc.ntnu.no's password: Last login: Wed Jan 13 11:58:44 2010 from thunder.itea.ntnu.no ~$ ls -l .ssh total 160 -rw-r--r-- 1 bjorn xts 1779 Nov 6 2008 authorized_keys -rw-r--r-- 1 bjorn xts 106 Mar 25 2009 config -rw-r--r-- 1 bjorn xts 2240 Jun 4 2009 known_hosts ~$ cat tmp/id_rsa.pub >> .ssh/authorized_keys ~$ tail .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEArYi6tkWrxEKyhXgRsXMmpz/bvJBzgk FghX7hzZkr9lwymm/cq6b5+ZllMTLzL+weDejLlWnDOxNTyBH8zbCNlrn4Hv1Jz+P4 L3wv+3bOZ+8M8z9OtP0mEdIwqfBZFBInktdIozBCZeTc/ZWTprpucDViFjhIu+0hkV kF5js5wHRShptV8jpTmF9acChR6ydJp8n3f21/dWKkoK6sE8oftODmtDGLO60lw532 4fdK+TiaUTcRHC0GWh+hCJxX2TiwVhsf9UJJuZAnUnB2+aO53W2pXglwP4M5wa3eyY jDrx5FdjiH+Q6F6hMzVDxSTjg/ihGNMtK97cWJ0dOQoiurckCEUYh//fPFBYUwq8iT P4yc7jjuTlnxrQKOVZ4cZzurbjhUbLPEsctXUycL+2ZNgDITM/K6kOlt9hengID8CP AOKKKva3v/JsoAQzU0fo9kkQHozT79dhwJ9KqOOFuRnbCISJKeZmz3/gGANN2hBh+H C15qUDhSNXGP2+Kub5izEmhFbMUMp2CFKinoFP4o5m3Qem4+QVOqbV1bs= bjorn@bjorn-laptop
This adds your public key to the authorized_file. If you use the UNIX-command tail on the file authorized_key will you see that your pubic key added to the end of the file.
Log in in with cryptographic authentication
You now have your private SSH key in your .ssh directory in your home area on your client. Your public SSH key is installed on the host you want to log on. To able to use the SSH key pair for authentication, you must have a SSH key agent running on your client and the agent must hold your private key. Most Linux clients, like Ubuntu and Fedora, have a key agent running by default. The ssh commands will request the agent for your keys each time you invoke a ssh session or a file transfer with scp/sftp. To add your SSH private key to your SSH agent you use the UNIX command ssh-add:
bjorn@bjorn-laptop:~$ ssh-add
Enter passphrase for /home/bjorn/.ssh/id_rsa:
Identity added: /home/bjorn/.ssh/id_rsa (/home/bjorn/.ssh/id_rsa)
bjorn@bjorn-laptop:~$
bjorn@bjorn-laptop:~$ ssh kongull.hpc.ntnu.no
Last login: Fri Jan 22 08:26:33 2010 from dhcp-75224.itea.ntnu.no
Welcome to kongull.hpc.ntnu.no
kongull.hpc.ntnu.no:~$
When you have added your private key to the SSH agent, you may log on the host. Note that if this worked, all UNIX-shell you start on your client will be able to access your agent and use the your private key. If you start a new shell, you may log on the host with out any password prompt. This applies to file transfers with scp/sftp, as well. If your client is rebooted, you will need to add the SSH private key to your SSH agent key once again.
Starting the SSH key agent manually
If ssh-add returns an error message, like Could not open connection to your authentication agent.", you do not have a SSH key agent running. You will have to start the SSH key agent manually. To verify that you do not have a SSH key agent, do a process listing and filter the ssh processes:
~$ ps -ef | grep ssh | grep bjorn root 4956 8484 0 09:51 ? 00:00:00 sshd: bjorn [priv] bjorn 4958 4956 0 09:51 ? 00:00:00 sshd: bjorn@pts/6 bjorn 5220 4959 0 10:00 pts/6 00:00:00 grep ssh ~$In process list above there is no SSH process named ssh-agent.
You will need to start the SSH agent and add the SSH key:
~$ ssh-agent SSH_AUTH_SOCK=/tmp/ssh-VuZWdh5402/agent.5402; export SSH_AUTH_SOCK; SSH_AGENT_PID=5403; export SSH_AGENT_PID; echo Agent pid 5403; ~$ SSH_AUTH_SOCK=/tmp/ssh-VuZWdh5402/agent.5402; export SSH_AUTH_SOCK; ~$ SSH_AGENT_PID=5403; export SSH_AGENT_PID; ~$ ssh-add Enter passphrase for /home/bjorn/.ssh/id_dsa: Identity added: /home/bjorn/.ssh/id_dsa (/home/bjorn/.ssh/id_dsa) ~$Note that the SSH commands (ssh, scp, sftp)
make use of the environmental variables SSH_AUTH_SOCK and SSH_AGENT_PID to connect to the SSH agent. Hence, after starting the SSH key agent, these environmental variables are explicit set in the shell with the values echoed from the SSH key agent. You will need to do this in each shell you start from where you want to make use of agent. If your SSH key agent exits due to a kill command or a reboot of your client, you will need to start the SSH key agent again. The SSH key agent will then execute with another PID and using another socket, and your environmental variables need to be set again with the new values echoed from the SSH key agent.
