From Documentation
Jump to: navigation, search
(When pageant is not running ...)
(When pageant is not running ...)
Line 109: Line 109:
 
====Configuring Pageant ====
 
====Configuring Pageant ====
 
Pageant can be loaded on demand or can be setup to load  when you start Windows.
 
Pageant can be loaded on demand or can be setup to load  when you start Windows.
=====When pageant is not running ... =====
+
=====When Pageant is not running ... =====
 
... you can execute the program "pageant.exe" from Windows as follows:
 
... you can execute the program "pageant.exe" from Windows as follows:
 
  Click on Start and select "All Programs"
 
  Click on Start and select "All Programs"
Line 115: Line 115:
 
    
 
    
 
If you get a small "Pageant Error" icon with the message "Pageant is already running" then click on OK and
 
If you get a small "Pageant Error" icon with the message "Pageant is already running" then click on OK and
go to the next subsection "when Pageant is running ...:
+
go to the next subsection "When Pageant is running ...:
  
 
Otherwise it will immediately become an icon:
 
Otherwise it will immediately become an icon:
Line 125: Line 125:
 
[[Image:pageant2.png|center]]
 
[[Image:pageant2.png|center]]
  
Then press the button "Add key", and choose the ppk file you created with puttygen.exe (see above). It will ask for your passphrase - enter it now. Then press "Close", and you are good to go. As long as the program runs (stays as icon), you can use putty.exe to login to our clusters, and you will not be asked any passwords (or passphrases). You can set up to have pageant.exe to execute automatically every time you restart Windows - then you will only have to provide the passphrase when you restart Windows.
+
Then press the button "Add key", and choose the ppk file you created with puttygen.exe (see above). It will ask for your passphrase - enter it now. Then press "Close", and you are good to go. As long as the program runs (stays as icon), you can use putty.exe to login to our clusters, and you will not be asked any passwords (or passphrases).  
  
 +
=====When Pageant is running...=====
 +
... it means that pageant.exe has already been set up to execute automatically every time you restart Windows - and most probably
 +
with an empty passphrase so you do not need to provide the passphrase when you restart Windows.
 +
 +
=====WinScp=====
 
WinScp.exe (the file copy utility; see [[#Transfering Files|above]]) also works with pageant.exe, by default. You simply launch WinScp, and type in the address of the cluster (e.g., orca.sharcnet.ca), your login name, and then click on "Login" - you will be connected to the cluster without been asked for a password or a passphrase - as long as pageant.exe is running.
 
WinScp.exe (the file copy utility; see [[#Transfering Files|above]]) also works with pageant.exe, by default. You simply launch WinScp, and type in the address of the cluster (e.g., orca.sharcnet.ca), your login name, and then click on "Login" - you will be connected to the cluster without been asked for a password or a passphrase - as long as pageant.exe is running.
  

Revision as of 22:47, 29 March 2013

SSH (secure shell) is a secure method of logging into another computer over the network, and is the only way to access the various SHARCNET machines. It is usually installed by default under Linux and OS X (Mac). A free versions can be downloaded for Windows machines.

Linux and Mac

Under Linux and OS X (Mac), the OpenSSH commands (ssh, sftp and scp) should be available on the command line. These are documented in our knowledge base.

Windows

You can run the command line OpenSSH as on Linux and MacOS if you want by installing the entire Cygwin tool set for Windows or just OpenSSH recompiled for Windows. You can also use the graphical PuTTY and WinSCP programs or the old non-commercial version of SSH Secure Shell for Workstation.

PuTTY and WinSCP

SHARCNET recommends downloading and installing the graphical PuTTY SSH suite along with the WinSCP program based on it. We strongly recommend to generate and use ssh keys (using the programs puttygen and pageant, which are available on the Putty web site) to connect to our clusters (instead of using passwords) - this is both more convenient (you don't have to type your password every time), and much more secure (hackers won't be able to sniff out your password). See the section #Using ssh keys below.

Installing

Download the windows putty installer from the PuTTY homepage (click the download link and pick the installer) and the WinSCP installer from the WinSCP homepage (click the download link and pick the installation package). Note that the WinSCP installer will ask about installing a Spyware Terminator. This is not recommend as it is not required to access SHARCNET systems.

Logging In

Run PuTTY from Programs PuTTY on the Start menu. This will open up PuTTY connection window

Putty initial.png

Enter the full host name of the cluster (portal link) to connect to in the Host Name box (e.g., whale.sharcnet.ca) and click the Open button. If this is your first time connecting to the cluster, you will get the unknown key window

Putty newkey.png

You can pick Yes to store a copy of the servers key. Your system will then store a copy of the server's key and only warn you next time you connect if the key has changed. If you do see a message in the future about the stored key not matching, it could theoretically mean someone was spoofing being our server in order to collect your password, but more likely means we updated our system without preserving our old key.

This will then open a terminal connection to the login node on the desired SHARCNET cluster

Putty terminal.png

Once you enter your SHARCNET user name and password you will be presented with a shell prompt where you can enter commands. (If you don't want to type your password every time you connect to our clusters, see the section #Using ssh keys below.) See our basic commands and editing page, getting started and overview page, and new user seminar video for further information on how to proceed.

Transfering Files

Run WinSCP from Programs WinSCP on the Start menu. This will open up WinSCP connection window

Winscp initial.png

Enter the full host name name of the cluster (portal link) to connect to in the Host name box (e.g., whale.sharcnet.ca), your SHARCNET user name and password in the User name and Password' boxes, and click Login. (If you don't want to type your password every time you connect to our clusters, see the section #Using ssh keys below.) If this is your first time connecting to the cluster, you will get the unknown key window

Winscp newkey.png

You can pick Yes to store a copy of the servers key. Your system will then store a copy of the server's key and only warn you next time you connect if the key has changed. If you do see a message in the future about the stored key not matching, it could theoretically mean someone was spoofing being our server in order to collect your password, but more likely means we updated our system without preserving our old key.

You will then be presented with a side-by-side listing of your files on your computer (on the left) and the SHARCNET system you connected to (on the right).

Winscp folders.png

To copy files around, drag and drop between the left and right panes. A file that starts with a period is considered to be hidden in UNIX and will not be displayed in a terminal by the ls command unless the -a (all) flag is used.

Using ssh keys

For convenience, and for security reasons, we strongly recommend using ssh key authentication instead of a password to connect to our clusters. It can be done under Windows using two more putty executables (available from the Putty download page) - puttygen.exe and pageant.exe. Download them into the same folder as the other putty binaries (putty.exe). Make sure to download "A. Windows installer for everything except PuTTytel" which is half-way down the download screen.

To generate an ssh key pair, execute puttygen.exe. You'll be presented with this window:

Puttygen1.png

Next, you press the "Generate" button. The program will ask you to randomly move the mouse cursor around. Once it's done, the key pair will be generated, and you will see something like this:

Puttygen2.png

Then you have to come up with a passphrase - something you can remember, but something which cannot be easily guessed. It doesn't have to be a single word - it can be a phrase, with spaces. Please don't use your SHARCNET password as a passphrase! And please choose a passphrase (don't leave the fields blank) - this is important for security.

After that, you should press the button "Save private key" - choose some appropriate name (e.g., "sharcnet.ppk"):

Puttygen4.png

Finally, using your mouse, highlight the content of the window "Public key for pasting into OpenSSH authorized_keys file",

Puttygen5.png

copy it (Ctrl-Insert), and paste as one line at the end of your ~/.ssh/authorized_keys file on SHARCNET: simply login to SHARCNET using your ssh client (putty.exe), execute "cat >> .ssh/authorized_keys", press "Shift-Insert" to paste the key to the file, and then press "Ctrl-d". You should make sure this file has proper permissions, by executing "chmod og-rwx .ssh/authorized_keys".

At this point, you have created a matched pair of ssh keys - one is private, and is residing on your Windows computer (*.ppk file; please don't copy it to SHARCNET, and don't share it with anyone!); the second is a public key, which you pasted as one line in the ~/.ssh/authorized_keys file on the remote SHARCNET cluster.

Permissions of public keys

The public key generated by PuTTygen must be placed in the "authorized_keys" file and satisfy the following conditions:

     (1) The file name must be "authorized_keys"
     (2) the file "authorized_keys" can contain one or more public keys
     (3) but each public key must be one line
     (2) additional characters can be appended to the end of the public key in each line
     (3) permissions of file  "authorized_keys" must be set to octal 600 (rw- --- ---)
     (5) the "authorized_keys" file must be placed in subdirectory  "~/.ssh"  on the remote host
     (6) the permissions for the subdirectory "~/.ssh" must be set to octal 700 (rwx  --- ---)

If above conditions are not met the public key authentication will fail. To verify/set these conditions use following commands:

     chmod 600 ~/.ssh/authorized_keys
     chmod 700 ~/.ssh
     wc ~/.ssh/authorized_keys 

Example:

     nickc@hnd20:~/.ssh] pwd
    /home/nickc/.ssh

    [nickc@hnd20:~/.ssh] ls -lat
    drwx------   2 nickc nickc  4096 Mar 29 21:46 .
    -rw-------   1 nickc nickc   630 Mar 29 14:09 authorized_keys
 
    [nickc@hnd20:~/.ssh] wc authorized_keys
    2   6 630 authorized_keys

Note: Above "authorized_keys" file contains 2 public keys

Configuring Pageant

Pageant can be loaded on demand or can be setup to load when you start Windows.

When Pageant is not running ...

... you can execute the program "pageant.exe" from Windows as follows:

Click on Start and select "All Programs"
 locate PuTTy and move cursor to the right and select Pageant and click on it
  

If you get a small "Pageant Error" icon with the message "Pageant is already running" then click on OK and go to the next subsection "When Pageant is running ...:

Otherwise it will immediately become an icon:

Pageant1.png

Double-click on the icon to get this window:

Pageant2.png

Then press the button "Add key", and choose the ppk file you created with puttygen.exe (see above). It will ask for your passphrase - enter it now. Then press "Close", and you are good to go. As long as the program runs (stays as icon), you can use putty.exe to login to our clusters, and you will not be asked any passwords (or passphrases).

When Pageant is running...

... it means that pageant.exe has already been set up to execute automatically every time you restart Windows - and most probably with an empty passphrase so you do not need to provide the passphrase when you restart Windows.

WinScp

WinScp.exe (the file copy utility; see above) also works with pageant.exe, by default. You simply launch WinScp, and type in the address of the cluster (e.g., orca.sharcnet.ca), your login name, and then click on "Login" - you will be connected to the cluster without been asked for a password or a passphrase - as long as pageant.exe is running.

SSH Secure Shell for Workstations

Some people may have, or prefer, the old SSH Communications Security Corp's SSH Secure Shell for Workstations package. SHARCNET does not recommend this package as it is no longer actively supported or even available.

Installing

A copy of the installer is available here (it was downloaded from here, which does not exist any more). It will install the the SSH Secure Shell Client and Secure File Transfer Client.

Logging in (Secure Shell Client)

Pick Secure Shell Client from Programs, SSH Secure Shell on the Start menu. This will open up the main window

Ssh image 1.GIF

Pick the Quick Connect on top of the banner bar, a pop-up window will open

Ssh image 2.GIF

Enter the full host name of the cluster (portal link) to connect to in the Host Name box (e.g., whale.sharcnet.ca), your SHARCNET user name in the User Name box, and click the Connect button. A window will be up for password

Ssh image 4.GIF

Enter your SHARCNET password and click OK. If succeeded, you have logged on the remote machine.

Ssh image 5.GIF

Transfering files (Secure File Transfer Client)

Pick Secure File Transfer Client from Programs, SSH Secure Shell on the Start menu and login as with the Secure Shell Client. It is also possible to open a session by clicking the New File Transfer icon (4th from the right) on the Secure Shell Client window.

Once connected, your will be presented with a side-by-side listing of your files on your computer (on the left) and the SHARCNET system you connected to (on the right).

Ssh image 7.GIF

To copy files around, drag and drop between the left and right panes.