This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
other:ssh [2023/03/15 14:36] jypeter [Generating ssh keys] Improved |
other:ssh [2023/03/24 16:42] jypeter [Connecting to servers commonly used by LSCE users] Updated IPSL servers info |
||
---|---|---|---|
Line 71: | Line 71: | ||
=== IPSL servers === | === IPSL servers === | ||
- | If you want to connect to the **IPSL servers** (only possible with [[other:ssh#using_ssh_keys|ssh keys]]!): | + | If you want to connect to the [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|IPSL servers]] (only possible with [[other:ssh#using_ssh_keys|ssh keys]]!): |
- | * Connecting to ''ciclad'':\\ ''ssh -A -X my_ciclad_login@ciclad.ipsl.jussieu.fr'' | + | * Connecting to ''spirit1'': |
- | * [[https://documentations.ipsl.fr/MESO_User/Quick_start.html|More details]] | + | * ''ssh -A -X my_meso_login@spirit1.ipsl.fr'' |
+ | * Depending on what you need to do, you can also use ''spirit2'', ''spiritx1'' or ''spiritx2'' | ||
+ | * [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|More details]] | ||
+ | * Note: the ''ciclad'' server may still be accessible when you read this page, but its usage has been deprecated in favor of the ''spirit'' servers | ||
- | === TGCC servers === | + | === TGCC (super)computers === |
- | If you want to connect to the the **TGCC servers**: | + | If you want to use the [[https://www-hpc.cea.fr/tgcc-public/en/html/tgcc-public.html|TGCC computers]] (e.g. ''irene''): |
- | * Connecting to ''irene'': | + | |
- | * Note: you have to go trough ''ssh1'', even if you are on the LSCE network! | + | |
- | * ''ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X my_TGCC_login@irene-ccrt.ccc.cea.fr'' | + | |
- | * The [[https://intranet.lsce.ipsl.fr/informatique/en/tgcc.php|TGCC connection details]] may vary, depending on your login type | + | |
- | === IDRIS servers === | + | * Note: you have to go //trough// the ''ssh1'' LSCE gateway to access the TGCC, even if you are on the LSCE wired network! |
+ | * ''ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X my_TGCC_login@some_tgcc_login_node'' | ||
+ | * Once you are on a TGCC login node (e.g. ''irene''), you can get lots of information by typing ''<node>.info'' (e.g. ''irene.info'') | ||
+ | * [[https://intranet.lsce.ipsl.fr/informatique/en/tgcc.php|more TGCC connection details]] | ||
+ | |||
+ | === IDRIS (super)computers === | ||
FIXME | FIXME | ||
Line 143: | Line 147: | ||
''ssh'' will store all its **configuration files** in a ''.ssh'' sub-directory of your //home// directory. The configuration files are in a //text// format. | ''ssh'' will store all its **configuration files** in a ''.ssh'' sub-directory of your //home// directory. The configuration files are in a //text// format. | ||
- | * Linux: ''~/.ssh/'' directory | + | * **Linux**: ''~/.ssh/'' directory |
- | * Windows: ''C:\Users\your_windows_login\.ssh'' directory | + | * **Windows**: ''C:\Users\your_windows_login\.ssh'' directory |
- | * Mac: ''/Users/your_mac_login/.ssh'' directory (should be the same path as ''~/.ssh/'') | + | * **Mac**: ''/Users/your_mac_login/.ssh'' directory (should be the same path as ''~/.ssh/'') |
You will find (some of) the following text files: | You will find (some of) the following text files: | ||
Line 287: | Line 291: | ||
==== What are ssh keys and why use them? ==== | ==== What are ssh keys and why use them? ==== | ||
- | //ssh keys// are a combination of two specific (and unique) **text files**, **the private key** file and **the public key** file, linked by a special kind of password called **the passphrase**, that can be used instead of a standard password to connect securely from one server to another server | + | //ssh keys// are a combination of two specific (and unique) **text files**, **the //private// key** file and **the //public// key** file, linked by a special kind of password called **the passphrase**, that can be used instead of a standard password to connect securely from one server to another server |
ssh keys have to be configured properly (a few easy steps), and are **very convenient** because: | ssh keys have to be configured properly (a few easy steps), and are **very convenient** because: | ||
- | * **They** usually **don't expire!**\\ You don't have to change them (except in some extra secure computing centers like TGCC) and you can keep them for years | + | * Contrary to passwords, **they usually don't expire!**\\ You don't have to change ssh keys (except in some extra secure computing centers like TGCC) and you can keep them for years |
* **They don't depend on the accounts and the passwords of the servers where you use them** | * **They don't depend on the accounts and the passwords of the servers where you use them** | ||
- | * You can (and should!) use the same set of ssh keys on several servers: you can then use the same passphrase to access these servers, rather than having to memorize different passwords\\ e.g. if you have your private key on ''account_A'' of ''server_A'' and install the matching public key on ''account_B'' of ''server_B'', etc... you can then use ''ssh'' on ''account_A@server_A'' to access ''account_B@server_B'', ''account_C@server_C'', ... with the same passphrase ! | + | * You can (and should!) use the same set of ssh keys on several servers: you can then use the **same** passphrase to access all these servers, rather than having to memorize different passwords\\ e.g. if you have your //private// key on ''account_A'' of ''server_A'' and install the matching //public// key on ''account_B'' of ''server_B'', etc... you can then use ''ssh'' on ''account_A@server_A'' to access ''account_B@server_B'', ''account_C@server_C'', ... with the **same** passphrase ! |
- | * You can give your public key to somebody and then access their account using your own passphrase (no need to know the password of the other person) | + | * **You can give your public key** to somebody and then access their account using your own passphrase (no need to know the password of the other person) |
* The [[https://mesocentre.ipsl.fr/|IPSL Mésocentre ESPRI]] servers can **only** be accessed with a public key and passphrase (the password is not used) | * The [[https://mesocentre.ipsl.fr/|IPSL Mésocentre ESPRI]] servers can **only** be accessed with a public key and passphrase (the password is not used) | ||
- | * By default, ''ssh'' will ask you to type your passphrase each time you connect to a server, but **you can use an //ssh agent// to securely store your passphrase for you**\\ Once you have typed your passphrase in the //ssh agent//, you can connect to all the servers that have your public key without having to type your passphrase! | + | |
- | * ''scp'' (and [[other:win10apps#winscp|WinSCP]]) and the tools using ''ssh'' on your local computer will not ask your passphrase, if they find the passphrase in a running //ssh agent// on the local computer | + | * By default, ''ssh'' will ask you to type your passphrase each time you connect to a server, but **you can [[other:ssh#using_an_ssh_agent|use an ssh agent]] to securely store your passphrase for you**\\ Once you have typed your passphrase in the //ssh agent//, you can connect to all the servers that have your public key without having to type your passphrase! |
+ | * ''scp'' (and [[other:win10apps#winscp|WinSCP]] on Windows) and the tools using ''ssh'' on your local computer will not ask your passphrase, if they find the passphrase in a running //ssh agent// on the local computer | ||
* if you use the ''-A'' option ([[other:ssh#most_common_options|agent forwarding]]), the remote server will also //know// (securely) your passphrase, and you will not have to type the passphrase when using ''ssh'', ''scp'' and tools running //over ssh// on the remote server(s) | * if you use the ''-A'' option ([[other:ssh#most_common_options|agent forwarding]]), the remote server will also //know// (securely) your passphrase, and you will not have to type the passphrase when using ''ssh'', ''scp'' and tools running //over ssh// on the remote server(s) | ||
- | * the local //ssh agent// is terminated when you log out of your local computer (or reboot it) | + | * the local //ssh agent// is terminated when you log out of your local computer (or reboot the computer) |
==== Generating ssh keys ==== | ==== Generating ssh keys ==== | ||
Line 347: | Line 354: | ||
=== Generating or importing keys with PuTTY (Windows) === | === Generating or importing keys with PuTTY (Windows) === | ||
- | Read [[other:putty_conf#converting_existing_ssh_keys_with_puttygen|Converting existing ssh keys with PuTTYgen]] or [[other:putty_conf#creating_ssh_keys_with_puttygen|Creating ssh keys with PuTTYgen]] | + | Read [[other:putty_conf#converting_existing_ssh_keys_with_puttygen|Converting existing ssh keys with PuTTYgen]], or [[other:putty_conf#creating_ssh_keys_with_puttygen|Creating ssh keys with PuTTYgen]] |
==== Installing ssh keys ==== | ==== Installing ssh keys ==== |