ARSC system news for linuxws

Menu to filter items by type

Type Downtime News
Machine All Systems linuxws pacman bigdipper fish lsi

Contents for linuxws

News Items

"CENTER Old File Removal" on linuxws

Last Updated: Tue, 17 Dec 2013 -
Machines: linuxws pacman fish
CENTER Old File Removal Begins 01/08/2014
========================================
On January 08, 2014 ARSC will begin automatically deleting old files
residing on the $CENTER filesystem.  The automatic tool will run
weekly and will target files older than 30 days.  The complete
policy describing this old file removal is available online:
http://www.arsc.edu/arsc/support/policy/#storagePolicies

In preparation for the activation of the automated file
removal tool, files targeted for removal will be listed in a
/center/w/purgeList/username directory and viewable by the individual
file owners. This file listing is an estimation only - files may be
deleted despite failing to appear in this listing.

Note: Modification of file timestamp information, data, or metadata
for the sole purpose of bypassing the automated file removal tool
is prohibited.

Users are encouraged to move important but infrequently used
data to the intermediate and long term $ARCHIVE storage
filesystem. Recommendations for optimizing $ARCHIVE file
storage and retrieval are available on the ARSC website:
http://www.arsc.edu/arsc/knowledge-base/long-term-storage-best-pr/index.xml

Please contact the ARSC Help Desk with questions regarding the
automated deletion of old files in $CENTER.

"LDAP Passwords" on linuxws

Last Updated: Mon, 20 May 2013 -
Machines: linuxws pacman bigdipper fish
    
How to update your LDAP password 
========================================

User authentication and login to ARSC systems uses University 
of Alaska (UA) passwords and follows the LDAP protocol to connect to
the University's Enterprise Directory.  Because of this, users must
change their passwords using the UA Enterprise tools.

While logging into ARSC systems, if you see the following message,
please change your password on https://elmo.alaska.edu

  Password: 
  Your are required to change your LDAP password immediately.
  Enter login(LDAP) password:

Attempts to change your password on ARSC systems will fail.

Please contact the ARSC Help Desk if you are unable to log into
https://elmo.alaska.edu to change your login password.

  

"modules" on linuxws

Last Updated: Sun, 06 Jun 2010 -
Machines: linuxws pacman
Using the Modules Package
=========================

The modules package is used to prepare the environment for various
applications before they are run.  Loading a module will set the
environment variables required for a program to execute properly.
Conversely, unloading a module will unset all environment variables
that had been previously set.  This functionality is ideal for
switching between different versions of the same application, keeping
differences in file paths transparent to the user.


Sourcing the Module Init Files
---------------------------------------------------------------------
For some jobs, it may be necessary to source these files, as they 
may not be automatically sourced as with login shells.
 
Before the modules package can be used, its init file must first be
sourced.

To do this using tcsh or csh, type:

   source /etc/profile.d/modules.csh

To do this using bash, ksh, or sh, type:

   . /etc/profile.d/modules.sh

Once the modules init file has been sourced, the following commands
become available:

Command                     Purpose
---------------------------------------------------------------------
module avail                - list all available modules
module load <pkg>           - load a module file from environment
module unload <pkg>         - unload a module file from environment
module list                 - display modules currently loaded
module switch <old> <new>   - replace module <old> with module <new>
module purge                - unload all modules

"pubkeys" on linuxws

Last Updated: Sun, 19 Dec 2010 -
Machines: linuxws
Setting up SSH Public Authentication on Linux/UNIX Systems
===========================================================

SSH public key authentication is available on ARSC Academic systems 
as an alternative to SecurID authentication.  This method of authentication 
allows you to log into ARSC Academic systems (e.g. pacman, midnight,
bigdipper) using a password, removing the need for a hardware 
authentication mechanism.  The following guide describes the procedure for 
enabling SSH public key authentication for your workstation account.

Linux and Mac Systems Instructions
==================================

Step #1 - Generate an SSH Key Pair on Your Local System

Note: If you have existing SSH keys on your system, you may want to back 
them up before generating a new key pair.

The SSH installation on your local system should have come with an 
executable named "ssh-keygen".  Use this command to generate an SSH 
public/private key pair:

  $ ssh-keygen

This program will prompt you for the location to save the key.  The rest 
of this guide will assume you chose the default location, 
$HOME/.ssh/id_rsa.

You will then be prompted to enter a password.  Please choose a long 
password with multiple character classes (e.g., lowercase letters, 
uppercase letters, numbers, and/or symbols).  After you set your password, 
the program will write two files to the location you specified:

  Private Key: $HOME/.ssh/id_rsa
  Public Key: $HOME/.ssh/id_rsa.pub

Do not share your private key.  Take precautions to make sure others 
cannot access your private key.

Step #2 - Transfer Your Public Key to Pacman, Midnight, Linux Workstations, etc.

ARSC has developed a tool, "ssh-keymanage", to help you comply with our 
security policies while adding your SSH public keys to linux workstations.
When a public key is added to your account on the workstations, it must be
associated with a particular system that is allowed to authenticate with that 
key.  This is accomplished via SSH's "from=" clause, which is tied to a public 
key when it is inserted into SSH's authorized_keys file.

The basic usage for adding a public key to a workstation with the 
ssh-keymanage tool is:

  ssh-keymanage --add <keyfile> --host <hostname>

This usage assumes that you have already transferred the public key you 
generated in Step #1 to the workstation.  You will also need to know your local 
system's full hostname (e.g., "sysname.uaf.edu").

Alternatively, the following command can be used to transfer and add your 
key to a workstation all at once:

  cat ~/.ssh/id_rsa.pub | ssh -tt username@mallard.arsc.edu ssh-keymanage --add /dev/stdin --host sysname.uaf.edu

Step #3 - Enable SSH Public Key Authentication on Your Local System

Workstations are already configured to allow SSH public key authentication on 
the server side, but you will need to make sure the SSH client on your local 
machine is configured to allow SSH public key authentication.  There are 
several ways to do this, including:

a) Adding an option to your SSH command when you connect to a workstation:

     ssh -o PubkeyAuthentication=yes username@mallard.arsc.edu

b) Adding the following to your $HOME/.ssh/config file as a long-term 
   solution:

     Host mallard.arsc.edu
     PubkeyAuthentication yes

Windows Instructions
====================

Step #1 - Generate an SSH Key Pair on Your Local System

Note: If you have existing SSH keys on your system, you may want to back 
them up before generating a new key pair.

You will need to use PuTTY's "puttygen.exe" program to generate a key 
pair.  If you installed the HPCMP Kerberos Kit in the default location, 
you can run this program by clicking Start -> Run and entering the 
following into the "Open" text box:

  "C:\Program Files\HPCMP Kerberos\puttygen.exe"

Next, click the "Generate" button in this program.  This will prompt you 
to move the mouse around to generate randomness to create a unique key 
pair.  This may take you a few minutes.  Once this process is complete, 
you will be shown the public key for your SSH key pair.

Please enter a password for your key pair by filling out both the "Key 
passphrase" and "Confirm passphrase" text boxes.  Choose a long password 
with multiple character classes (e.g., lowercase letters, uppercase 
letters, numbers, and/or symbols).

Then, click the "Save private key" button.  You are free to choose the 
file name and location of the private key.  This guide will assume you 
saved the private key as "private.ppk" in your "My Documents" folder.  Do 
not share your private key.  Take precautions to make sure others cannot 
access your private key.  Proceed to Step #2, but do not close the "PuTTY 
Key Generator" yet.

Step #2 - Transfer Your Public Key to the workstations

Log into a workstation with your SecurID card and open your favorite text 
editor.  Copy the text in the "Public key for pasting into OpenSSH 
authorized_keys file" text area on the "PuTTY Key Generator" window.  
Paste this text into the text editor on a workstation and save this to a 
temporary file.  This guide will assume you named the file "pubkey".

ARSC has developed a tool, "ssh-keymanage", to help you comply with our 
security policies while adding your SSH public keys to a workstation.  When a 
public key is added to your account on the workstation, it must be associated 
with a particular system that is allowed to authenticate with that key.  This 
is accomplished via SSH's "from=" clause, which is tied to a public key 
when it is inserted into SSH's authorized_keys file.

The basic usage for adding a public key to the workstation with the 
ssh-keymanage tool is:

  ssh-keymanage --add <keyfile> --host <hostname>

You will need to know your local system's full hostname (e.g., 
"sysname.uaf.edu").  For example:

  ssh-keymanage --add pubkey --host sysname.uaf.edu

This command will report whether the key was successfully added.  Once the 
public key has been added, type "exit" to close PuTTY.

Step #3 - Add Your Private Key to PuTTY

Launch PuTTY again.  Click the + sign next to "SSH", under the 
"Connection" category.  Click the "Auth" section under the SSH 
subcategory.  Click the "Browse..." button under "Private key file for 
authentication" and select your private key file, "private.ppk".  Go back 
to the "Session" category and enter workstation name under "Host Name".

If you do not want to enter your private key every time you run PuTTY, you 
may wish to save your session settings by entering a name under "Saved 
Sessions" (e.g., "Workstation (pubkey auth)") and clicking "Save".  The next 
time you run PuTTY, you can reload these settings by selecting your saved 
session and clicking "Load".

Finally, click "Open".  Instead of being prompted for a SecurID passcode, 
you should be prompted for the password you set on your key pair in 
Step #1.  Enter your key pair password.  You should now be logged into 
the workstation.


Back to Top