start:mogon_cluster:access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
start:mogon_cluster:access [2020/07/15 14:37]
jrutte02 [Generating a new SSH-Key using Linux or macOS]
start:mogon_cluster:access [2021/03/18 14:14] (current)
jrutte02 [Access]
Line 1: Line 1:
-===== Account =====+====== Accessing MOGON ====== 
  
-<grid> 
-<col lg="9" md="9" sm="9" xs="9"> 
-<alert type="danger" dismiss="true" icon="fa fa-warning">**Warning!** Due to changed settings on MOGON as a result of the security incident, this article may need to be revised. 
-</alert> 
-</col> 
-</grid> 
  
 Essentially only accounts of the Johannes Gutenberg University can get access. Essentially only accounts of the Johannes Gutenberg University can get access.
Line 16: Line 11:
 ===== Access ===== ===== Access =====
  
-Since the MOGON clusters are Linux-based systems, remote access is granted via SSH.+<callout type="tip" title="Remote Access" icon="true"> 
 +Since the MOGON clusters are Linux-based systems, remote access is granted via ''SSH''
 +</callout> 
 +To access MOGON refer to these instructions: 
 +**[[:start:mogon_cluster:access_from_outside_unix|access MOGON using Linux/macOS]] / [[:start:mogon_cluster:access_from_outside_windows|access MOGON using Windows]]**. The latter link contains information for accessing MOGON with ''PuTTY'', ''MobaXterm'' and ''PowerShell''.
  
-The MOGON login nodes are accessible only from the university networkTo access MOGON from the outside (e.gfrom home) you have to use VPN please refer to these instructions: \\ +The login nodes of **MOGON II** are ''miil01.zdv.uni-mainz.de'' to ''miil03.zdv.uni-mainz.de''
-**[[:start:mogon_cluster:access_from_outside_unix|(Outside) access using Unix]] / [[:start:mogon_cluster:access_from_outside_windows|(Outside) access using Windows]]**The latter link also contains information for internal access with Windows.+
  
-Login to the login-nodes is mediated by a jump node: Access is done with direct login (ssh) to "''mogon''". This name implements a 'Round-Robin-DNS' login to both login nodes of MOGON I, ''mil01.zdv.uni-mainz.de'' and ''mil02.zdv.uni-mainz.de''. If for some reason you want to login to a specific login node, you can use this names directly. (or if for some other Reason one of the nodes is broken, and the dns always gives you the wrong, broken one to connect to) 
  
-The login nodes of **MOGON II** are ''miil01.zdv.uni-mainz.de'' to ''miil03.zdv.uni-mainz.de''. Projects on MOGON I do not have access to MOGON II automatically. You have to apply for MOGON I and MOGON II separately. Only password-less login is available. You **need to have your ssh-key((A neat overview on ssh-keys and how to generate and copy them can be found [[https://www.ssh.com/ssh/copy-id|here]].))** on MOGON I to be able to log in to MOGON II+<grid> 
 +<col lg="6" md="6" sm="6" xs="12"> 
 +<callout type="danger" title="Login" icon="true"> 
 +Only password-less login is available. 
 +</callout> 
 +</col> 
 +<col lg="6" md="6" sm="6" xs="12"> 
 +<callout type="warning" icon="true" title="SSH-Key"> 
 +You **need to have your SSH-Key** uploaded on [[https://account.uni-mainz.de/sshkey|account.uni-mainz.de/sshkey]] to be able to log in to MOGON((A neat overview on ssh-keys and how to generate and copy them can be found [[https://www.ssh.com/ssh/copy-id|here]]. Or you can follow our [[start:mogon_cluster:access#how_to_set_up_ssh-keys_for_mogon|guideline]])).
  
-The **accelerators (GPUs) of MOGON II reside within MOGON I** infrastructure that is to say you have to login to MOGON I but use your MOGON II account (-A m2_*) to have access to those accelerators.+Your SSH-Key is automatically added to the MOGON cluster. Would You Like To Know More? Read this [[start:mogon_cluster:basic_authentication#add_ssh-key_to_mogon|Article]]! 
 +</callout> 
 +</col> 
 + 
 +</grid>
  
-<callout type="warning" icon="true"> 
-You **need to have your ssh-key** on MOGON I to be able to log in to MOGON II. (RSA authentication)!  
  
-Your home directory is on the same file system on both clustersIn order to access MOGON II, you need to copy your ssh-key once to your home directory on MOGON I (''~/.ssh'').+=== MOGON Service Nodes Overiew === 
 +<datatable info="false" paging="false" searching="false"> 
 +^ Service Node ^ FQDN ^ Description^ Fingerprint ^ 
 +| ''login21'' | ''miil01.zdv.uni-mainz.de'' | Login Node | MD5:''a6:a1:d2:13:df:2b:59:91:2f:e1:a5:50:1c:f1:b0:b4'' \\ SHA256:''eu8N17/EHw0pwvUVT6Htm7yek54t8s8QdRN+A92sjek''   | 
 +| ''login22'' | ''miil02.zdv.uni-mainz.de'' | Login Node | MD5:''3d:90:0e:fa:ce:b1:db:6d:22:ff:6c:94:d0:fe:2d:34'' \\ SHA256:''WcJllAYU8qNcm31WLeg892JHbuczesfWVM5bTmtaisA''
 +| ''login23'' | ''miil03.zdv.uni-mainz.de'' | Login Node | MD5:''dc:e7:9f:c9:3b:13:cc:3a:65:ce:15:5d:8d:b1:9b:71'' \\ SHA256:''v5wiJI/jBTqpYF/g07VMH7WVesbVaovYTcT/MpgcWhc''
 +| ''hpcgate'' | ''hpcgate.zdv.uni-mainz.de'' | Jump Host | MD5:''63:67:65:76:5f:ad:fb:20:f2:68:92:cf:d5:49:2c:dc'' \\ SHA256:''CNbkj04hEuJ9IwgGkTBXbF1WtE/Nb46kPVSejKUGfRU''
 +</datatable> 
 +<callout type="info" icon="true" title="Service-Node FQDN"> 
 +If you access MOGON Service-Nodes through the ''HPCGATE'' you can omit ''zdv.uni-mainz.de'', e.g.: for ''login21'' ''miil01'' is sufficient.
 </callout> </callout>
  
Line 38: Line 54:
  
 <callout type="tip" icon="true" title="MOGON SSH-Key comment additions"> <callout type="tip" icon="true" title="MOGON SSH-Key comment additions">
-Make sure you add the following strings to your SSH-Key after your actual comment, to specify the prupose:\\+Make sure you add the following strings to your SSH-Key as part of your comment, to specify the purpose:\\
  
-^ Purpose ^ MOGON String ^+^ Purpose ^ Comment String related to MOGON Access ^
 | Using the jump host ''hpcgate'' | ''HPCGATE'' | | Using the jump host ''hpcgate'' | ''HPCGATE'' |
 | Log in to MOGON service nodes | ''HPCLOGIN'' | | Log in to MOGON service nodes | ''HPCLOGIN'' |
Line 48: Line 64:
 In case you not yet have an SSH-Key pair on your computer, you can use the following command to create a new pair: In case you not yet have an SSH-Key pair on your computer, you can use the following command to create a new pair:
  
-<code bash>ssh-keygen -t rsa -b 4096 -a 100 -C <YourComment>,<MOGON-String></code>+<code bash>ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"</code> 
 + 
 +This generates a new private/public ''RSA'' key pair with ''4096 bit'' key size. \\ {{fa>hand-o-right?fw}} Please note: The part ''-C "HPCGATE,HPCLOGIN"'' creates the mandatory comment, which can be pasted into the web form. {{fa>hand-o-left?fw}} \\ Then ''ssh-keygen'' asks for a name for the key. 
  
-This generates a new private/public ''RSA'' key pair with ''4096 bit'' key size. Then ''ssh-keygen'' asks for a name for the key (stay with the default if you don't have a good reason) 
 <code>Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] </code> <code>Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] </code>
  
-After that you have to specify a passphrase - **Do not** use an empty passphrase!+After that you have to specify a passphrase - {{fa>warning?fw}} **use a passphrase!** {{fa>warning?fw}}. An empty passphrase is a serious security concern. 
  
 <code bash>Enter passphrase (empty for no passphrase): [Type a passphrase] <code bash>Enter passphrase (empty for no passphrase): [Type a passphrase]
 Enter same passphrase again: [Type passphrase again] </code> Enter same passphrase again: [Type passphrase again] </code>
 +
 +In this case you deviate from the default names and you ought make your ''ssh-agent'' aware of it:
 +<code bash>
 +ssh-add ~/Path/To/Your/PrivateKey
 +</code>
 +
 +=== Modify existing SSH-Keys ===
 +If you already have an SSH-Key pair, you can change the comment as follows, for example to add the ''HPCGATE,HPCLOGIN'' string if you have forgotten to append it:
 +
 +<code bash> 
 +ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey
 +</code>
 +
 +
  
  
-==== Generating a new SSH-Key using Windows and PuTTY ==== 
  
-<callout type="info" icon="true"> PuTTY must already be installed on your PC in order to follow these instructions. </callout> 
  
 +==== Generating a new SSH-Key using Windows ====
  
-  - Press the {{fa>windows?fw}}-Key to open the start menu and type ''PuTTYgen'', click on the App to open it. Now the PuTTY Key Generator window should be displayed..\\ <image shape="thumbnail">{{:start:mogon_cluster:puttygen_1.png?450&nolink}}</image>  +<callout type="tipicon="true" title="Set up SSH-Keys for MOGON using Windows"> We have created an article for you <button type="info" icon="fa fa-key" size="xs">[[start:mogon_cluster:access_from_outside_windows:creating_sshkeys_on_windows|here]]</buttonthat explains various ways to create new SSH-Keys using Windows, including ''PuTTY''''MobaXterm'' and ''PowerShell''</callout>
-  - To create a new key pair, first select the type of the key to generate from the bottom. We recommend the ''RSA'' algorithm and ''4096 bit'' key size. \\ <image shape="thumbnail">{{:start:mogon_cluster:puttygen_2.png?450&nolink}}</image> +
-  Now click on ''Generate'' and start moving the mouse within the Window, to let PuTTY collect some randomness for the Key. +
-    * Once the progress bar is full, the actual key generation takes place. Your public key should be appear in the windows once the compution is complete. +
-  - Now you have to specify a ''Passphrase'' and add a ''Comment'' for your SSH-Key. Make sure you add the ''MOGON-String'', to specify the purpose of your key. \\ <image shape="thumbnail">{{:start:mogon_cluster:puttygen_3.png?450&nolink}}</image> +
-  - Click on the ''Save private key'' button to save your private key. {{fa>warning?fw}} You **must** save your private key.  +
-  Now click on the ''Save public key'' button to save your public key. +
-  - Right-click in the text field labeled **Public key for pasting into OpenSSH authorized_keys file:** and choose ''Select All/Alle auswählen''.  +
-  - Right-click again in the same field and choose ''Copy/Kopieren''. +
-  - Browse to [[https://account.uni-mainz.de/sshkey|account.uni-mainz.de]] and add your new public SSH-Key. You will find further information in [[:start:mogon_cluster:basic_authentication#add_ssh-key_to_mogon|this Article]].+
  
  
  • start/mogon_cluster/access.1594816673.txt.gz
  • Last modified: 2020/07/15 14:37
  • by jrutte02