Use of FutureSystems¶
Overview¶
This section describes using SSH on and with FutureSystems.
There are two ways SSH is used:
- providing access to FutureSystems resources
- once logged into FutureSystems, get access to OpenStack images and running instances.
Since all assignments and lessons will be done on FutureSystems, it is important that you can log on. Whether you are starting from Windows, Mac OS X, or Linux, only a few steps are needed.
Once you can log into india.futuresystems.org
, SSH keys are used
to manage access to OpenStack. At this point your computer is just a
client to access FutureSystems resources. All commands are executed on
FutureSystems.
The steps, describes below, are:
- get and account with FutureSystems (portal)
- join a project (portal)
- upload SSH public key (computer -> portal)
- log into FutureSystems (computer ->
india
) - manage keys for OpenStack (
india
-> VM)
Getting an Account¶
In order to use FutureSystems you will need to get an account.
Important
Make sure you have cookies enabled or you will not be able to log in to your account.
- Navigate to FutureSystems.org.
- Click on
Register
at the top near the search bar - Fill out the information. Asterisk-denoted (
*
) fields are required. - Please be patient after clicking the ``Create new account` button. It may take one or two business day for the account to be approved.
- Once your account is approved you will receive an email.
Important
At this point you will not be able to use any
FutureSystems resources. You will need to join a project and
enable remote login to do so. Only when the status is all green in
the My FutureGrid HPC account status
of your portal account
information will you have access to resources.
Tip
Please see Section Creating FutureSystems Accounts and Projects for additional details.
Join a Project¶
Now that you have a FutureSystems account you will need to join a project.
- Navigate to FutureSystems.org and log into your account.
- Click on the appropriate project name
- Click on the
Join the project
link on the right hand side. - Upon approval you will receive an email.
Tip
FG491: I590 Projects on Big Data Software Spring 2016 - Geoffrey Fox
Remote Login¶
Important
All coursework will be done on your FutureSystems account on
india
. You will to use PuTTY to access india
and then you
can follow along with the other instructions.
In order to login into your account on FutureSystems you will need:
- an account on FutureSystems (see above)
- an SSH client
Linux and OSX¶
We assume that Linux users are familiar on how to start a terminal. On Mac OS X open a terminal via Applications –> Utilities –> Terminal. Alternatively you can search for the term “terminal” in the spotlight search and locate the terminal application and click on it.
To proceed you will need to know your FutureSystems Portalname and Project ID.
For this example we assume you have set the shell variable PORTALNAME to your FutureSystems portal username. This can be done as follwows. Let us assume your portal name is albert. Than you can set it with:
export PORTALNAME=albert
We also assume that you have a project id that you set to:
export PROJECTID=fg101
if it is the number 101. Once you have set up your portal name you can log in via:
$ ssh $PORTALNAME@india.futuresystems.org
Naturally, you could also directly place your portal name into the command. Thus if your portalname would be albert, you could do alternatively to the above command:
$ ssh $PORTALNAME@india.futuresystems.org
Tip
Please see Section Using SSH Keys for details on configuring and using an SSH client.
Windows¶
In order to SSH into your FutureSystems account on Windows, you will need to install PuTTY and PuTTYgen from the PuTTY project page
Generate an key using PuTTYgen:
- open the application
puttygen.exe
- press “Generate”
- enter a desired passphrase (make sure they match!)
- save the private and public keys
- copy the displayed public key
You can now upload your public key to the FutureSystems portal.
To connect, open putty.exe
and go to Connection —> SSH —>
Auth on the left and browse to add the private key. Then go to the
Session category and enter india.futuresystems.org
for the Host
Name and click “Open”. This will launch a terminal and allow you to
connect using the passphrase specified in puttygen.exe
.
Useful SSH commands¶
The following is a short list of useful SSH commands.
Change the password¶
You can change the password for the key by using the the -p
flag.
For example:
$ ssh-keygen -p
Change the comment¶
You can change the comment of an key by modifying the public key file. For example, Ada Lovelace wishes to replace an uninformative comment with her email address. She would execute the following:
$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3N.... this is not informative
$ nano ~/.ssh/id_rsa.pub
$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3N.... lovelace@gmail.com
Show fingerprint¶
The fingerprint of a key can be used to authenticate the validity of
the key. For example, if Ada were to share his public key with Albert
Einstein, she would transmit the key. Albert could then compute the
fingerprint and ensure that it matches. To do so, Albert would save
the key to ~/.ssh/$PORTALNAME-key
and execute:
$ ssh-keygen -l -f ~/.ssh/$PORTALNAME-key.pub
2048 6c:52:54:20:b9:85:04:d4:30:46:48:c7:c4:bc:fe:c7 lovelace@gmail.com (RSA)
FutureSystems, for instance, uses fingerprints to identify keys once they have been uploaded. You may see this fingerprint on the FutureSystems portal.
Delete a known host¶
Whenever you log into a new machine via SSH, the host key of the
destination machine is added to ~/.ssh/known_hosts
.
The next time you try to log in this key will be checked.
If it has changed you will need to remove the entry before attempting
to log back in.
Note
The host key may change if the machine undergoes a major upgrade or change. Another reason may be that a third party is performing a man-in-the-middle attack.
To remove a key for india.futuresystems.org
from ~/.ssh/known_hosts
:
$ ssh-keygen -R india.futuresystems.org
SSH¶
Secure Shell, or SSH, is a protocol for securely connecting to a Shell on a remote computer.
Tip
See Section Shell for more details on what a shell is and how to use it.
This security is accomplished by encrypting the data that is sent
between the two endpoints. In order for this communication to be
considered “safe”, the machines need to identify each other. The
identity is usually accomplished through the use of a key file,
which usually comes in pairs: a public key and a private key.
This is usually called a key pair. On Mac OS X and Linux a key
pair can be created using the ssh-keygen
command. You can test this out by
opening a terminal and entering the following:
$ ssh-keygen -f ~/test_identity
What this does is actually create two file:
~/test_identity
~/test_identity.pub
The second file, ending in .pub
, is the public key and needs to be
shared with the machines you wish to access. In the case of
FutureSystems, you add the public key to your SSH Keys. In the case of
GitHub (see Section Using Git and GitHub for collaboration) you add it to your account.
Caution
Never share the private key with anyone. This is used to identify you and can be used to completely regenerate the public key. Try it for yourself with, if you like to generate a public key from your private key:
$ ssh-keygen -y -f ~/test_identity
and compare the key string with the original public key
~/test_identity.pub
Tip
A good practice for managing SSH keys is to create a key pair on each machine you use and to add a comment indicating your contact information and the machine this key belongs to, for example:
$ ssh-keygen -C 'host:relativity contact:albert@gmail.com'
In the above the comment is specified with the -C
flag and the
body of the comment is within the single quotes.
The contact information is useful when sharing the key with others as it helps them understand who you are.
The host information is useful for you if you have multiple machines.
Lab - Account Applications¶
For this exercise, you need to log into your FutureSystems account. On Windows, use the PuTTY program. On Mac OS X use the Terminal application.
Execute the following commands:
whoami
uname -a
pwd