ISSH
Category: Tools-Grid
GSI-OpenSSH is a modified version of OpenSSH that adds support for GSI authentication and credential forwarding (delegation), providing a single sign-on remote login and file transfer service.
This is only supported on Kraken with the kraken-gsi nodes.
GSISSH is part of globus and as such you must load the globus module to have gsissh in your path.
The RSA One-Time Password is the preferred way to log in to Kraken since it is the most secure and it allows access to other NICS HPSS without further authentication. When this method is unavailable, GSISSH can be used as an alternative. More information on myproxy
and grid authentication may be found here.
There are several ways to use GSISSH depending on where you are coming from and preference:
The simplest way to access Kraken is to use the SSH terminal on the TeraGrid Portal
You can use myproxy
with a similar method:
myproxy.teragrid.org
uses your TeraGrid password, myproxy.ncsa.uiuc.edu
uses your NCSA password. The applet runs in your browser, the "Web Start Version" starts a standalone Java GUI.kraken-gsi.nics.utk.edu
in the pop-up box.Linux, Unix, Mac: If you already use a POSIX environment, you could install a Globus client on your machine, which would allow you to use GSISSH as you would use SSH. You can try the beta installer for the TeraGrid Client Toolkit (TCT). Some versions of Linux require some tweaking, this should be described in the README, there have also been some issues with Mac OSX, apparently due to a bug in the existing SSH. If you wish, you may also see the old instructions. If you have any issues with this, let us know.
If you have installed a client with the previous step, or you are coming from a system that already has Globus installed (eg, another TeraGrid site), it is easy to use the client. First, get a proxy certificate as described here.
If TeraGrid certificates are not already taken care of (eg your computer), you need to use the -T
flag with myproxy-logon
, which downloads all of the TeraGrid certificates to ~/.globus/certificates
. If certificates are already taken care of for you (eg any NICS resource), do not use -T
as it will prevent gsissh
from looking in the site-wide location for certificates.
Next use "gsissh kraken-gsi.nics.utk.edu"
to connect to the resource you wish to use. If the resource you are trying to connect to accepts GSI authentication, it will log on. If not, it will probably fall back on another authentication method (prompting for an OTP passcode). At NICS, the GSI nodes (eg kraken-gsi.nics.utk.edu
) accept GSI authentication, other nodes only accept OTP authentication.
This package has the following support level : Supported
All versions of this software are provided by the system vendor and are not installed by NICS staff.