Create documentation for NOS Sandbox login steps #85

Open
Michael-Lalime opened this issue Apr 26, 2024 · 4 comments

@Michael-Lalime

This is a list of the steps I use for logging into the sandbox.
*Note: if you are working in the office you might not need to connect to the VPN to access the Bastion server.

  1. Connect to the VPN

  2. SSH into the Bastion server
    Using PuTTY:
    [image]

  3. SSH into the head node
    ssh -i ~/.ssh/ioos.pem ec2-user@...

  4. Do science

Email from Arnold about accounts:
Welcome IOOS Bastion User,

I hope this message finds you well. I am writing to inform you that you have been granted access to the IOOS Bastion (IP: ...**) in the Coastal Modeling Sandbox. This access is an important part of our ongoing projects and collaborations.

Linux Username: Please note that your Linux username for accessing the Bastion is the same as the name of the Google Drive folder name being shared with you. It follows the format of your first and last name in lowercase, separated by a dot (e.g., john.doe).

Access Requirements:

  1. Connection to the ERAV VPN is mandatory before accessing the Bastion. This can be achieved using the Cisco AnyConnect client.

  2. Your SSH keys (id_rsa and id_rsa.pub) have been provided in the Google Drive folder specifically shared with your email.

Instructions for Using SSH Keys:

Windows Users:

Windows Native SSH Client:

  1. Download the id_rsa and id_rsa.pub files from your Google Drive folder.

  2. Move these files to the .ssh directory located in your user folder (e.g., C:\Users\[YourUsername]\.ssh). If the directory does not exist, create it.

  3. Right-click on the Start button and select 'Windows PowerShell' or 'Command Prompt'.

  4. To ensure the SSH client can use your private key, set the correct permissions: Execute icacls .ssh\id_rsa /inheritance:r /grant:r "%username%:r" within the PowerShell or Command Prompt.

  5. To connect to the Bastion, use the following command: ssh [your.username]@***.**.**.***

PuTTY Users:

  1. Download the id_rsa file from your Google Drive folder.

  2. Download and open PuTTYgen (available from the PuTTY download page).

  3. In PuTTYgen, click 'Load' and select the id_rsa file. It will prompt that it successfully imported the foreign key.

  4. Click 'Save private key' to save the key in PuTTY’s format (.ppk file). You can save it with the same name for consistency.

  5. Open PuTTY, enter the Host Name ***.**.**.*** and ensure the Port is set to 22.

  6. Go to Connection > SSH > Auth. Under "Private key file for authentication:", browse and select your .ppk file.

  7. Go back to the Session page, enter a name under 'Saved Sessions', and click 'Save' to save these settings.

  8. Click 'Open' to initiate the connection. Enter your Linux username when prompted.

Important: Please handle your SSH keys with utmost care and never share them with others. These keys provide secure, encrypted access to critical systems.

Should you have any questions or require further assistance, please do not hesitate to reach out.

@Michael-Lalime
Author

@ZacharyWills I obscured the IP addresses and didn't put a screenshot of the Bastion server screen because I wasn't sure if we should show the IP addresses in here. I can change it if you think it's though.

@cpaternostro

Perhaps this should be moved to be a permanent document as a README or SOP.

@Michael-Lalime
Author

Michael-Lalime commented May 13, 2024 via email

@Michael-Lalime
Author

From Jiantao Xu in CO-OPS related to accessing through the CO-OPS system

Notes:

  1. Please be on CO-OPS VPN to access the IOOS cloud servers.
  2. You should use your individual ssh keys. Please reach out to Michael Lalime (michael.lalime@noaa.gov) if you haven’t received them through a shared google folder with your keys.
  3. Bastion server (server name: ioos-bastion, IP: 137.75.95.230). Bastion server is your login node with low memory and disk space. Please only use it as a gateway to the computing nodes.
  4. Cloud computing environment head node (IP: 10.26.37.40). IMPORTANT: Currently IOOS only sets up one user account (ec2-user) on the head node, which means all people use the same account to access the computing environment. Therefore, after you access this server, please don't delete any files/folders that are not created by you. Please create your own folder under the CO-OPS directory and work under your folder only. IOOS will create a CO-OPS working group and look into individual accounts.

For Windows with Tectia:

  1. Download "id_rsa" and "id_rsa.pub" from the Google Drive folder (Please refer to Notes No. 2 above).
  2. Save the files "id_rsa" and "id_rsa.pub" to C:\Users\[first.last|YourAccount]\AppData\Roaming\SSH\UserKeys\
  3. Add a profile in Tectia.
    i) From the Tectia window, click on Profiles, then Add Profile….
    ii) Then as shown in the following figure, type in the Profile name (you can choose a different name), hostname (exactly as it appears) and your user name, and click OK.

[Figure: Tectia_1]

  4. From the Tectia window, click Profiles from the menu and choose the profile name you chose for the IOOS bastion and you will be connected to the bastion.

[Figure: Tectia_2]

  5. Now you’re on the IOOS Bastion server. At the command line, type the following command to connect to the head node where you can carry out all your development and testing work:
    ssh -i ~/.ssh/ioos.pem -o IdentitiesOnly=yes ec2-user@10.26.37.40
    You may or may not need the option in red depending on the Tectia configuration.
    For convenience, the IOOS team also saved the command in a script east2b.sh under your home directory and you can run the script directly to connect to the head node. IOOS also created a script called IOeast2b.sh that contains the -o IdentitiesOnly=yes option in case you need to use that option. So you can use either ./east2b.sh or ./IOeast2b.sh to connect to the head node.

For Linux/Unix (For CO-OPS modeling team, this will be ofswork-east1):

  1. Download "id_rsa" and "id_rsa.pub" from the Google Drive folder.
  2. Save the files "id_rsa" and "id_rsa.pub" to your "work-east" server directory ".ssh" under your home account, and change these two files' permission by typing command:
    chmod 600 ~/.ssh/id_*
  3. At the command line, type the following command to connect to IOOS bastion:
    ssh -i ~/.ssh/id_rsa first.last@137.75.95.230
    Replace first.last with your account information.
    The first time you access it, please type "yes" to save the information. Once you answer "yes" for the first time, this question should never appear again.
  4. Now you’re on the IOOS Bastion server. At the command line, type the following command to connect to the head node where you can carry out all your development and testing work:
    ssh -i ~/.ssh/ioos.pem ec2-user@10.26.37.40
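
Added example, not part of the issue thread or of any IOOS/CO-OPS script: a preflight check for the key-permission step (`chmod 600`) in the Linux/Unix procedure above. OpenSSH refuses a private key that group or others can access; the helper names `key_mode_ok` and `count_open_keys` and the directory argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the issue): check key files before running ssh.
# key_mode_ok and count_open_keys are hypothetical helper names.

# key_mode_ok FILE
# Returns 0 when FILE is a regular file with no group/other permission bits
# (what chmod 600 produces), 1 when it is too open, 2 when it is missing.
key_mode_ok() {
    kf=$1
    [ -f "$kf" ] || { echo "missing: $kf" >&2; return 2; }
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group and other.
    kperms=$(ls -ld -- "$kf" | cut -c5-10)
    if [ "$kperms" = "------" ]; then
        return 0
    fi
    echo "too open (group/other: $kperms): $kf" >&2
    return 1
}

# count_open_keys DIR NAME...
# Prints how many of DIR/NAME fail key_mode_ok; returns 0 only if none do.
count_open_keys() {
    kdir=$1; shift
    kbad=0
    for kname in "$@"; do
        key_mode_ok "$kdir/$kname" || kbad=$((kbad + 1))
    done
    echo "$kbad"
    [ "$kbad" -eq 0 ]
}

# Usage on the workstation:  count_open_keys "$HOME/.ssh" id_rsa
# Usage on the bastion:      count_open_keys "$HOME/.ssh" ioos.pem
```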

@KatherinePowell-NOAA KatherinePowell-NOAA changed the title Sandbox login steps Create documentation for NOS Sandbox login steps Aug 16, 2024