[Storage-users] Future access to tape storage at NSC
Johan Raber
raber at nsc.liu.se
Fri Oct 22 16:07:49 CEST 2010
Dear Tape Storage Users,
The old way to access tape storage has been deprecated in favour of
using standard SSH keys. This means that from now on, you will not need
a grid certificate to access tape storage at NSC. It also means that you
will no longer access the server "nuffs.nsc.liu.se" which is being
decommissioned. You will now access "hubble.nsc.liu.se". Access to
hubble is only enabled from Gimle and Vagn. Access to nuffs.nsc.liu.se
will be shut down next friday, 29/10-2010.
Until we have updated the instructions on our website, you will have to
make do with these instructions on how to use the new system:
* Get started using SSH keys:
* Follow the instructions for public key usage at URL
www.nsc.liu.se/systems/snic/security.html
* Note that the private key should only be stored on local
systems, i.e. your laptop, workstation or possibly your
machine at home.
* For your own quality of life, start using the SSH agent
mentioned in the above URL, instructions below depend on it.
* Verify that it works to Gimle, Vagn or both. As you please.
* Notify support that you would like your access to be activated on
the tape storage machine.
* Once activated, and provided you use the SSH agent, log in to
Gimle/Vagn with the "-A" flag to the ssh command in addition to
whatever other flags you use. This enables the ssh agent on your
local machine to authenticate you automatically in any subsequent
logins you do, provided that that system has an
~/.ssh/authorized_keys file set up in accord with the instructions
in the above mentioned URL, this is what we do for you on hubble
in item 3 above.
* You can now use "sftp" or "lftp" (and other sftp-protocol
compliant ftp clients) to hubble. "lftp" will give you the exact
same capabilities you previously enjoyed with "nscftp" (which is a
wrapper for lftp). Upon login to hubble using lftp, you will see a
sandboxed environment much like the one you are used to on nuffs.
Invoke lftp or alternatively sftp like this:
$ lftp -u your_username, sftp://hubble.nsc.liu.se #Note that the
comma is intentional
$ sftp hubble.nsc.liu.se #I recommend against using sftp because it
is less user friendly than lftp
Many of you already use SSH keys and for you we have already enabled
access to hubble, you are set to go. Some of you had multiple keys in
your ~/.ssh/authorized_keys file and for you we enabled the most
official looking key, e.g. those created on an smhi system.
If you find out your key doesn't work, please contact support with a
pointer to a working key on Gimle or Vagn. Point us to a particular key
in your ~/.ssh/authorized_keys file, say "number two" or something to
that affect. We do not want to install and maintain multiple keys for
users of the tape access system.
As always, questions and problems can be addressed to
smhi-support at nsc.liu.se or vagnekman-support at snic.vr.se for Gimle and
Vagn respectively.
Best Regards,
Johan Raber -- Storage admin, NSC
P.S. The command ssh-add will often seem to fail on systems using the
Gnome desktop when using the "-c" flag to ssh-add. This is because Gnome
implements its own mechanism for the same thing (key usage confirmation)
and that fail. The key is still loaded though, only confirmation doesn't
work. D.S.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nsc.liu.se/pipermail/storage-users/attachments/20101022/fadb54b1/attachment.htm
More information about the storage-users
mailing list