start:mogon_cluster:access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
start:mogon_cluster:access [2020/07/17 11:44]
meesters [Generating a new SSH-Key using Linux or macOS]
start:mogon_cluster:access [2021/03/18 14:14] (current)
jrutte02 [Access]
Line 1: Line 1:
 ====== Accessing MOGON ====== ====== Accessing MOGON ======
  
-<grid> +
-<col lg="9" md="9" sm="9" xs="9"> +
-<alert type="danger" dismiss="true" icon="fa fa-warning">**Warning!** Due to changed settings on MOGON as a result of the security incident, this article may need to be revised. +
-</alert> +
-</col> +
-</grid>+
  
 Essentially only accounts of the Johannes Gutenberg University can get access. Essentially only accounts of the Johannes Gutenberg University can get access.
Line 15: Line 10:
  
 ===== Access ===== ===== Access =====
 +
 +<callout type="tip" title="Remote Access" icon="true">
 +Since the MOGON clusters are Linux-based systems, remote access is granted via ''SSH''.
 +</callout>
 +To access MOGON refer to these instructions:
 +**[[:start:mogon_cluster:access_from_outside_unix|access MOGON using Linux/macOS]] / [[:start:mogon_cluster:access_from_outside_windows|access MOGON using Windows]]**. The latter link contains information for accessing MOGON with ''PuTTY'', ''MobaXterm'' and ''PowerShell''.
 +
 +The login nodes of **MOGON II** are ''miil01.zdv.uni-mainz.de'' to ''miil03.zdv.uni-mainz.de''
 +
  
 <grid> <grid>
-<col lg="6" md="12" sm="12" xs="12"> +<col lg="6" md="6" sm="6" xs="12"> 
-Since the MOGON clusters are Linux-based systems, remote access is granted via SSH.+<callout type="danger" title="Login" icon="true"> 
 +Only password-less login is available. 
 +</callout> 
 +</col> 
 +<col lg="6" md="6" sm="6" xs="12"> 
 +<callout type="warning" icon="true" title="SSH-Key"> 
 +You **need to have your SSH-Key** uploaded on [[https://account.uni-mainz.de/sshkey|account.uni-mainz.de/sshkey]] to be able to log in to MOGON((A neat overview on ssh-keys and how to generate and copy them can be found [[https://www.ssh.com/ssh/copy-id|here]]. Or you can follow our [[start:mogon_cluster:access#how_to_set_up_ssh-keys_for_mogon|guideline]])).
  
-The MOGON login nodes are accessible only from the university network. To access MOGON from the outside (e.g. from home) you have to use VPN - please refer to these instructions: \\ +Your SSH-Key is automatically added to the MOGON clusterWould You Like To Know More? Read this [[start:mogon_cluster:basic_authentication#add_ssh-key_to_mogon|Article]]
-**[[:start:mogon_cluster:access_from_outside_unix|(Outside) access using Unix]] / [[:start:mogon_cluster:access_from_outside_windows|(Outside) access using Windows]]**. The latter link contains information for accessing MOGON with PuTTY and MobaXterm.+</callout> 
 +</col>
  
-Login to the login-nodes is mediated by a jump node: Access is done with direct login (ssh) to "''mogon''". This name implements a 'Round-Robin-DNS' login to both login nodes of MOGON I, ''mil01.zdv.uni-mainz.de'' and ''mil02.zdv.uni-mainz.de''. If for some reason you want to login to a specific login node, you can use this names directly. (or if for some other Reason one of the nodes is broken, and the DNS always gives you the wrong, broken one to connect to)+</grid>
  
-The login nodes of **MOGON II** are ''miil01.zdv.uni-mainz.de'' to ''miil03.zdv.uni-mainz.de''. Projects on MOGON I do not have access to MOGON II automatically. You have to apply for MOGON I and MOGON II separately. Only password-less login is available. 
  
-</col> 
-<col lg="6" md="12" sm="12" xs="12"> 
 === MOGON Service Nodes Overiew === === MOGON Service Nodes Overiew ===
 <datatable info="false" paging="false" searching="false"> <datatable info="false" paging="false" searching="false">
-^ Service Node ^ FQDN ^ Cluster ^ Description^ +^ Service Node ^ FQDN ^ Description^ Fingerprint 
-| ''login21'' | ''miil01.zdv.uni-mainz.de'' | MOGON II | Login Node | +| ''login21'' | ''miil01.zdv.uni-mainz.de'' | Login Node | MD5:''a6:a1:d2:13:df:2b:59:91:2f:e1:a5:50:1c:f1:b0:b4'' \\ SHA256:''eu8N17/EHw0pwvUVT6Htm7yek54t8s8QdRN+A92sjek''   
-| ''login22'' | ''miil02.zdv.uni-mainz.de'' | MOGON II | Login Node | +| ''login22'' | ''miil02.zdv.uni-mainz.de'' | Login Node | MD5:''3d:90:0e:fa:ce:b1:db:6d:22:ff:6c:94:d0:fe:2d:34'' \\ SHA256:''WcJllAYU8qNcm31WLeg892JHbuczesfWVM5bTmtaisA''
-''login23'' ''miil03.zdv.uni-mainz.de'' | MOGON II | Login Node +| ''login23'' | ''miil03.zdv.uni-mainz.de'' | Login Node | MD5:''dc:e7:9f:c9:3b:13:cc:3a:65:ce:15:5d:8d:b1:9b:71'' \\ SHA256:''v5wiJI/jBTqpYF/g07VMH7WVesbVaovYTcT/MpgcWhc''
-| ''login01'' | ''mil01.zdv.uni-mainz.de'' | MOGON I | Login Node | +| ''hpcgate'' | ''hpcgate.zdv.uni-mainz.de'' | Jump Host | MD5:''63:67:65:76:5f:ad:fb:20:f2:68:92:cf:d5:49:2c:dc'' \\ SHA256:''CNbkj04hEuJ9IwgGkTBXbF1WtE/Nb46kPVSejKUGfRU'' |
-''login02'' ''mil02.zdv.uni-mainz.de'' | MOGON I | Login Node +
-| ''hpcgate'' | ''hpcgate.zdv.uni-mainz.de'' | MOGON | Jump Host |+
 </datatable> </datatable>
-</col> +<callout type="info" icon="true" title="Service-Node FQDN"> 
-</grid> +If you access MOGON Service-Nodes through the ''HPCGATE'' you can omit ''zdv.uni-mainz.de'', e.g.: for ''login21'' ''miil01'' is sufficient.
- +
- +
-<callout type="warning" icon="true" title="SSH-Key"> +
-You **need to have your SSH-Key** uploaded on [[https://account.uni-mainz.de/sshkey|account.uni-mainz.de/sshkey]] to be able to log in to MOGON((A neat overview on ssh-keys and how to generate and copy them can be found [[https://www.ssh.com/ssh/copy-id|here]]. Or you can follow our [[start:mogon_cluster:access#how_to_set_up_ssh-keys_for_mogon|guideline]])). +
- +
-Your SSH-Key is automatically added to the MOGON clustersWould You Like To Know More? Read this [[start:mogon_cluster:basic_authentication#add_ssh-key_to_mogon|Article]]!+
 </callout> </callout>
  
Line 66: Line 66:
 <code bash>ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"</code> <code bash>ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"</code>
  
-Please note: The part ''-C "HPCGATE,HPCLOGIN"'' creates the mandatory comment, which can be pasted into the web form. This generates a new private/public ''RSA'' key pair with ''4096 bit'' key size. Then ''ssh-keygen'' asks for a name for the key.+This generates a new private/public ''RSA'' key pair with ''4096 bit'' key size. \\ {{fa>hand-o-right?fw}} Please note: The part ''-C "HPCGATE,HPCLOGIN"'' creates the mandatory comment, which can be pasted into the web form. {{fa>hand-o-left?fw}} \\ Then ''ssh-keygen'' asks for a name for the key. 
  
 <code>Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] </code> <code>Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] </code>
  
-After that you have to specify a passphrase - **Do not** use an empty passphrase!+After that you have to specify a passphrase - {{fa>warning?fw}} **use a passphrase!** {{fa>warning?fw}}. An empty passphrase is a serious security concern. 
  
 <code bash>Enter passphrase (empty for no passphrase): [Type a passphrase] <code bash>Enter passphrase (empty for no passphrase): [Type a passphrase]
 Enter same passphrase again: [Type passphrase again] </code> Enter same passphrase again: [Type passphrase again] </code>
  
-If you already have an SSH-Key pair, you can change the comment as follows, for example to add the ''HPCGATE,HPCLOGIN'' string: +In this case you deviate from the default names and you ought make your ''ssh-agent'' aware of it:
- +
-<code bash>  +
-ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey +
-</code> +
- +
-In this case you deviate from the default names and you ought make your ssh-agent aware of it:+
 <code bash> <code bash>
 ssh-add ~/Path/To/Your/PrivateKey ssh-add ~/Path/To/Your/PrivateKey
 </code> </code>
  
-If you have forgotten to append the comment string you can add this to an existing key with+=== Modify existing SSH-Keys === 
-<code bash> +If you already have an SSH-Key pair, you can change the comment as follows, for example to add the ''HPCGATE,HPCLOGIN'' string if you have forgotten to append it: 
-ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/path/to/key/which/is/to/be/commented/on+ 
 +<code bash>  
 +ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey
 </code> </code>
  
  
  
-==== Generating a new SSH-Key using Windows and PuTTY ==== 
  
-<callout type="info" icon="true"> PuTTY must already be installed on your PC in order to follow these instructions. </callout> 
  
  
-  - Press the {{fa>windows?fw}}-Key to open the start menu and type ''PuTTYgen'', click on the App to open it. Now the PuTTY Key Generator window should be displayed..\\ <image shape="thumbnail">{{:start:mogon_cluster:puttygen_1.png?450&nolink}}</image>  +==== Generating a new SSH-Key using Windows ==== 
-  - To create a new key pair, first select the type of the key to generate from the bottom. We recommend the ''RSA'' algorithm and ''4096 bit'' key size. \\ <image shape="thumbnail">{{:start:mogon_cluster:puttygen_2.png?450&nolink}}</image> + 
-  Now click on ''Generate'' and start moving the mouse within the Window, to let PuTTY collect some randomness for the Key. +<callout type="tipicon="truetitle="Set up SSH-Keys for MOGON using Windows"> We have created an article for you <button type="info" icon="fa fa-key" size="xs">[[start:mogon_cluster:access_from_outside_windows:creating_sshkeys_on_windows|here]]</buttonthat explains various ways to create new SSH-Keys using Windows, including ''PuTTY''''MobaXterm'' and ''PowerShell''</callout>
-    * Once the progress bar is full, the actual key generation takes place. Your public key should be appear in the windows once the compution is complete. +
-  - Now you have to specify a ''Passphrase'' and add a ''Comment'' for your SSH-Key. Make sure you add the ''HPCGATE,HPCLOGIN'' string, to specify the purpose of your key. \\ <image shape="thumbnail">{{:start:mogon_cluster:puttygen_3.png?450&nolink}}</image> +
-  - Click on the ''Save private key'' button to save your private key. {{fa>warning?fw}} You **must** save your private key.  +
-  Now click on the ''Save public key'' button to save your public key. +
-  - Right-click in the text field labeled **Public key for pasting into OpenSSH authorized_keys file:** and choose ''Select All/Alle auswählen''.  +
-  - Right-click again in the same field and choose ''Copy/Kopieren''. +
-  - Browse to [[https://account.uni-mainz.de/sshkey|account.uni-mainz.de]] and add your new public SSH-Key. You will find further information in [[:start:mogon_cluster:basic_authentication#add_ssh-key_to_mogon|this Article]].+
  
  
  • start/mogon_cluster/access.1594979074.txt.gz
  • Last modified: 2020/07/17 11:44
  • by meesters