First connection

At your first attempt to connect to PSMN (either from the ENS network or from outside, see figure below), you need to strictly follow these instructions:

The following message will appear at your first attempt to connect by SSH to allo-psmn (or ssh.psmn, then allo-psmn):

The authenticity of host allo-psmn.ens-lyon.fr (140.77.144.90) can not be established.
RSA key fingerprint is xx:lots:of:caracters:ascii:xx:xx.

To the question:

Are you sure you want to continue connecting (yes/no)?

answer :

yes
PSMN gateways synoptic

Fig. 2 Internal or External PSMN gateways synoptic

Generate internal PSMN SSH keys

Important

PSMN SSH keys

This step generates a SSH keys pair which is needed for your work on PSMN servers: for instance, job management, which are automated process on your behalf, needs an automated authentication.

These keys will be generated without passphrase, therefore they MUST NOT leave PSMN or be used for anything else: they basically provide no strong authentication.

So, the first time you connect by ssh to allo-psmn, follow these instructions:

ssh-keygen -t rsa

To the question:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/your_login/.ssh/id_rsa):

hit ENTER ⏎ (default answer).

To the questions:

Enter passphrase (empty for no passphrase):

and

Enter same passphrase again:

hit ENTER ⏎ (default answer) again.

Then, create the file ~/.ssh/authorized_keys file by typing:

touch ~/.ssh/authorized_keys

and add (>>) your PSMN public SSH key (id_rsa.pub) to the ~/.ssh/authorized_keys file:

cat .ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Define an minimal working environment

See our Environment & tools chapters.

  • Define minimal ssh configuration

To automate as much as possible connections to machines and compute nodes, create the following configuration file (~/.ssh/config) on your “workstation”:

Host *
  ServerAliveInterval 60
  ForwardX11Timeout 1d
  TCPKeepAlive yes
  ForwardAgent yes
  ForwardX11 yes         # for Linux
#  ForwardX11Trusted yes # for MacOSX
  Compression yes
  StrictHostKeyChecking no
  HashKnownHosts no

You can find a more complete file in the chapter Example of SSH configuration.

  • vi/vim configuration file

See our vim chapter in editors page.