ARSC system news for linuxws
Menu to filter items by type
Contents for linuxws
Machines: linuxws pacman fish
CENTER Old File Removal ======================================== ARSC has launched the automatic deletion of old files residing on the $CENTER filesystem. The automatic tool will run weekly and will target files older than 30 days. To identify which of your files are eligible for deletion, try running the following command: lfs find $CENTER -type f -atime +30 Remember, there are NO backups for data in $CENTER. Once the data is deleted, the data is gone. Note: Modification of file timestamp information, data, or metadata for the sole purpose of bypassing the automated file removal tool is prohibited. The policy regarding the deletion of old files is available on the ARSC website: http://www.arsc.edu/arsc/support/policy/#removal Users are encouraged to move important but infrequently used data to the intermediate and long term $ARCHIVE storage filesystem. Recommendations for optimizing $ARCHIVE file storage and retrieval are available on the ARSC website: http://www.arsc.edu/arsc/knowledge-base/long-term-storage-best-pr/index.xml Please contact the ARSC Help Desk with questions regarding the automated deletion of old files in $CENTER.
Machines: linuxws pacman bigdipper fish
How to update your LDAP password ======================================== User authentication and login to ARSC systems uses University of Alaska (UA) passwords and follows the LDAP protocol to connect to the University's Enterprise Directory. Because of this, users must change their passwords using the UA Enterprise tools. While logging into ARSC systems, if you see the following message, please change your password on https://elmo.alaska.edu Password: Your are required to change your LDAP password immediately. Enter login(LDAP) password: Attempts to change your password on ARSC systems will fail. Please contact the ARSC Help Desk if you are unable to log into https://elmo.alaska.edu to change your login password.
Machines: linuxws pacman
Using the Modules Package ========================= The modules package is used to prepare the environment for various applications before they are run. Loading a module will set the environment variables required for a program to execute properly. Conversely, unloading a module will unset all environment variables that had been previously set. This functionality is ideal for switching between different versions of the same application, keeping differences in file paths transparent to the user. Sourcing the Module Init Files --------------------------------------------------------------------- For some jobs, it may be necessary to source these files, as they may not be automatically sourced as with login shells. Before the modules package can be used, its init file must first be sourced. To do this using tcsh or csh, type: source /etc/profile.d/modules.csh To do this using bash, ksh, or sh, type: . /etc/profile.d/modules.sh Once the modules init file has been sourced, the following commands become available: Command Purpose --------------------------------------------------------------------- module avail - list all available modules module load <pkg> - load a module file from environment module unload <pkg> - unload a module file from environment module list - display modules currently loaded module switch <old> <new> - replace module <old> with module <new> module purge - unload all modules
Setting up SSH Public Authentication on Linux/UNIX Systems =========================================================== SSH public key authentication is available on ARSC Academic systems as an alternative to SecurID authentication. This method of authentication allows you to log into ARSC Academic systems (e.g. pacman, midnight, bigdipper) using a password, removing the need for a hardware authentication mechanism. The following guide describes the procedure for enabling SSH public key authentication for your workstation account. Linux and Mac Systems Instructions ================================== Step #1 - Generate an SSH Key Pair on Your Local System Note: If you have existing SSH keys on your system, you may want to back them up before generating a new key pair. The SSH installation on your local system should have come with an executable named "ssh-keygen". Use this command to generate an SSH public/private key pair: $ ssh-keygen This program will prompt you for the location to save the key. The rest of this guide will assume you chose the default location, $HOME/.ssh/id_rsa. You will then be prompted to enter a password. Please choose a long password with multiple character classes (e.g., lowercase letters, uppercase letters, numbers, and/or symbols). After you set your password, the program will write two files to the location you specified: Private Key: $HOME/.ssh/id_rsa Public Key: $HOME/.ssh/id_rsa.pub Do not share your private key. Take precautions to make sure others cannot access your private key. Step #2 - Transfer Your Public Key to Pacman, Midnight, Linux Workstations, etc. ARSC has developed a tool, "ssh-keymanage", to help you comply with our security policies while adding your SSH public keys to linux workstations. When a public key is added to your account on the workstations, it must be associated with a particular system that is allowed to authenticate with that key. This is accomplished via SSH's "from=" clause, which is tied to a public key when it is inserted into SSH's authorized_keys file. The basic usage for adding a public key to a workstation with the ssh-keymanage tool is: ssh-keymanage --add <keyfile> --host <hostname> This usage assumes that you have already transferred the public key you generated in Step #1 to the workstation. You will also need to know your local system's full hostname (e.g., "sysname.uaf.edu"). Alternatively, the following command can be used to transfer and add your key to a workstation all at once: cat ~/.ssh/id_rsa.pub | ssh -tt email@example.com ssh-keymanage --add /dev/stdin --host sysname.uaf.edu Step #3 - Enable SSH Public Key Authentication on Your Local System Workstations are already configured to allow SSH public key authentication on the server side, but you will need to make sure the SSH client on your local machine is configured to allow SSH public key authentication. There are several ways to do this, including: a) Adding an option to your SSH command when you connect to a workstation: ssh -o PubkeyAuthentication=yes firstname.lastname@example.org b) Adding the following to your $HOME/.ssh/config file as a long-term solution: Host mallard.arsc.edu PubkeyAuthentication yes Windows Instructions ==================== Step #1 - Generate an SSH Key Pair on Your Local System Note: If you have existing SSH keys on your system, you may want to back them up before generating a new key pair. You will need to use PuTTY's "puttygen.exe" program to generate a key pair. If you installed the HPCMP Kerberos Kit in the default location, you can run this program by clicking Start -> Run and entering the following into the "Open" text box: "C:\Program Files\HPCMP Kerberos\puttygen.exe" Next, click the "Generate" button in this program. This will prompt you to move the mouse around to generate randomness to create a unique key pair. This may take you a few minutes. Once this process is complete, you will be shown the public key for your SSH key pair. Please enter a password for your key pair by filling out both the "Key passphrase" and "Confirm passphrase" text boxes. Choose a long password with multiple character classes (e.g., lowercase letters, uppercase letters, numbers, and/or symbols). Then, click the "Save private key" button. You are free to choose the file name and location of the private key. This guide will assume you saved the private key as "private.ppk" in your "My Documents" folder. Do not share your private key. Take precautions to make sure others cannot access your private key. Proceed to Step #2, but do not close the "PuTTY Key Generator" yet. Step #2 - Transfer Your Public Key to the workstations Log into a workstation with your SecurID card and open your favorite text editor. Copy the text in the "Public key for pasting into OpenSSH authorized_keys file" text area on the "PuTTY Key Generator" window. Paste this text into the text editor on a workstation and save this to a temporary file. This guide will assume you named the file "pubkey". ARSC has developed a tool, "ssh-keymanage", to help you comply with our security policies while adding your SSH public keys to a workstation. When a public key is added to your account on the workstation, it must be associated with a particular system that is allowed to authenticate with that key. This is accomplished via SSH's "from=" clause, which is tied to a public key when it is inserted into SSH's authorized_keys file. The basic usage for adding a public key to the workstation with the ssh-keymanage tool is: ssh-keymanage --add <keyfile> --host <hostname> You will need to know your local system's full hostname (e.g., "sysname.uaf.edu"). For example: ssh-keymanage --add pubkey --host sysname.uaf.edu This command will report whether the key was successfully added. Once the public key has been added, type "exit" to close PuTTY. Step #3 - Add Your Private Key to PuTTY Launch PuTTY again. Click the + sign next to "SSH", under the "Connection" category. Click the "Auth" section under the SSH subcategory. Click the "Browse..." button under "Private key file for authentication" and select your private key file, "private.ppk". Go back to the "Session" category and enter workstation name under "Host Name". If you do not want to enter your private key every time you run PuTTY, you may wish to save your session settings by entering a name under "Saved Sessions" (e.g., "Workstation (pubkey auth)") and clicking "Save". The next time you run PuTTY, you can reload these settings by selecting your saved session and clicking "Load". Finally, click "Open". Instead of being prompted for a SecurID passcode, you should be prompted for the password you set on your key pair in Step #1. Enter your key pair password. You should now be logged into the workstation.