Comparaison des versions

Ancienne version 29

changes.mady.by.user Winger, Katja

Sauvegardée le

comparé à

Nouvelle version Actuel

changes.mady.by.user Winger, Katja

Sauvegardée le

Légende

  • Ces lignes ont été ajoutées. Ce mot a été ajouté.
  • Ces lignes ont été supprimées. Ce mot a été supprimé.
  • La mise en forme a été modifiée.

...

Replace 'username' with your username on Narval. The 'narval' above is just a name given to this "host". You can put here any name you like that does not already exist in your ~/.ssh/config. The '10m' means that you will be able to log in without authentication up to 10 minutes after you closed your last connection to Narval from the same machine. Possible time units for ControlPersist are:

    none: seconds, s | S : seconds, m | M: minutes, h | H: hours, d | D: days, w | W: weeks

Combinations are also possible, for example: 1h30m → 1 hour 30 minutes (90 minutes)

Windows users

Check out the wiki of The Alliance:  Multifactor authentication

...

First you need to contact The Alliance (support@tech.alliancecan.ca) and ask them to "add your username to the group which is allowed to use the robot nodes" and tell them what which commands you want to execute (for example 'rsync' or 'squeue' etc.) and what tools or libraries you will be using to manage the automation. They should get back to you with more information - or questions.

...

When prompted with the question "Enter file in which to save the key (/home/username/.ssh/id_ed25519):" you can either just press enter or change the name to, for example:

    ~/.ssh/ id_ed25519_transfer)

When asked for a passphrase and to repeat it you can just press enter. After this you should have the following two new files:

...

Log in on the following CCDB web site:
    https://ccdb.alliancecan.ca/ssh_authorized_keys

Paste In the box in which you are supposed to copy your public SSH key (the content of the file ending on *.pub) in the field indicated. Then precede what you just pasted by"Your key will typically start with ..." resp. "Le début de la clé est habituellement ...") first enter the following:

Volet
restrict,from="IP_address",command="command"

Where "IP_address" is the IP address from which you want to connect and "command" is the command you would like to execute. The Alliance already provides a number of wrapper scripts which allow common actions. Have a look at their wiki:  Automation in the context of multifactor authentication under "Convenience wrapper scripts to use for command=".

Just after the above, only separated by a space, copy-paste the content of your public SSH key (the content of the file ending on *.pub).

For example, if you want to do automated transfers from Narval to UQAM or vice versa, you should put something like:
   

Volet

restrict,from="132.208.147.*,132.208.132.239",command="/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/transfer_commands.sh" full_content_of_public_SSH_key

...