[Storage-users] Future access to tape storage at NSC

[Johan Raber]

Dear Tape Storage Users,

The old way to access tape storage has been deprecated in favour of 
using standard SSH keys. This means that from now on, you will not need 
a grid certificate to access tape storage at NSC. It also means that you 
will no longer access the server "nuffs.nsc.liu.se" which is being 
decommissioned. You will now access "hubble.nsc.liu.se". Access to 
hubble is only enabled from Gimle and Vagn. Access to nuffs.nsc.liu.se 
will be shut down next friday, 29/10-2010.

Until we have updated the instructions on our website, you will have to 
make do with these instructions on how to use the new system:

    * Get started using SSH keys:

        * Follow the instructions for public key usage at URL
          www.nsc.liu.se/systems/snic/security.html
        * Note that the private key should only be stored on local
          systems, i.e. your laptop, workstation or possibly your
          machine at home.
        * For your own quality of life, start using the SSH agent
          mentioned in the above URL, instructions below depend on it.

    * Verify that it works to Gimle, Vagn or both. As you please.
    * Notify support that you would like your access to be activated on
      the tape storage machine.
    * Once activated, and provided you use the SSH agent, log in to
      Gimle/Vagn with the "-A" flag to the ssh command in addition to
      whatever other flags you use. This enables the ssh agent on your
      local machine to authenticate you automatically in any subsequent
      logins you do, provided that that system has an
      ~/.ssh/authorized_keys file set up in accord with the instructions
      in the above mentioned URL, this is what we do for you on hubble
      in item 3 above.
    * You can now use "sftp" or "lftp" (and other sftp-protocol
      compliant ftp clients) to hubble. "lftp" will give you the exact
      same capabilities you previously enjoyed with "nscftp" (which is a
      wrapper for lftp). Upon login to hubble using lftp, you will see a
      sandboxed environment much like the one you are used to on nuffs.
      Invoke lftp or alternatively sftp like this:

     $ lftp -u your_username, sftp://hubble.nsc.liu.se #Note that the 
comma is intentional
     $ sftp hubble.nsc.liu.se #I recommend against using sftp because it 
is less user friendly than lftp

Many of you already use SSH keys and for you we have already enabled 
access to hubble, you are set to go. Some of you had multiple keys in 
your ~/.ssh/authorized_keys file and for you we enabled the most 
official looking key, e.g. those created on an smhi system.

If you find out your key doesn't work, please contact support with a 
pointer to a working key on Gimle or Vagn. Point us to a particular key 
in your ~/.ssh/authorized_keys file, say "number two" or something to 
that affect. We do not want to install and maintain multiple keys for 
users of the tape access system.

As always, questions and problems can be addressed to 
smhi-support at nsc.liu.se or vagnekman-support at snic.vr.se for Gimle and 
Vagn respectively.

Best Regards,
Johan Raber -- Storage admin, NSC

P.S. The command ssh-add will often seem to fail on systems using the 
Gnome desktop when using the "-c" flag to ssh-add. This is because Gnome 
implements its own mechanism for the same thing (key usage confirmation) 
and that fail. The key is still loaded though, only confirmation doesn't 
work. D.S.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nsc.liu.se/pipermail/storage-users/attachments/20101022/fadb54b1/attachment.htm