-1Petr
Kulhanek
kulhanek@chemi.muni.cz
National Center for Biomolecular Research, Faculty of Science
Masaryk University, Kamenice 5, CZ-62500 Brno
Remote access to Linux (Unix)
from Linux/macOS
Native applications (ssh, scp, display export) + Kerberos
PS / 2020 Distance form of teaching: Rev3
-2Remote
Access
Remote
Linux
machine
Linux/macOS
terminal
ssh, command line, (X-forward)
scp, copy/move files
GUI
X-server GUI
➢ ssh
➢ scp
+ Kerberos
-3Kerberos
- Workflow
PC
node02
node03 nodeXX
login between nodes of
cluster without having to enter the password
with password (your local account)
with password (eINFRA for the WOLF cluster)
without password for the period of validity of
krb5 tickets
(the password is entered each time)
PC
kinit (password required once)
B) Recommended mode for your personal computers with Linux / macOS OS.
PC
(pam_krb5)
A)
B)
C)
WOLF cluster
-4Ubuntu
18.04 / 20.04
➢ Installation of Support for Kerberos
-5Ubuntu
18.04 / 20.04
1. Activating the NCBR package repository for Ubuntu:
https://einfra.ncbr.muni.cz » User Support » Ubuntu Packages
Choose CEITEC MU/NCBR PUBLIC from
• Ubuntu 18.04 LTS Native
• Ubuntu 20.04 LTS Native (Experimental)
Follow the instructions in the tab: "Instructions"
2. Installing packages:
$ sudo apt-get update
$ sudo apt-get install ncbr-krb5-einfra
$ sudo apt-get install ncbr-ssh-client-config
-6Linux
(in general)
➢ Installation of Support for Kerberos
-7Installing
Packages
1. Depending on your distribution, install the packages that provide the ssh (client) and
kinit (krb5 implementation - MIT or Heimdal):
1. ssh, scp (possible package names)
• openssh-client
• openssh
• if you don't know what you're doing, don't install an ssh server
2. kinit, klist, kdestroy (possible package names)
• Heimdal-clients
• krb5-user
• krb5-workstation
-8-
Configuration
1. Kerberos configuration:
1. Download configuration file /etc/krb5.conf from the WOLF cluster (the file is on
each node) and save it in the /etc on your computer (leave the name the same,
i.e., krb5.conf).
2. Make sure you can get krb5 tickets
1. $ kinit username@META
2. $ klist
2. ssh client configuration:
1. create file ~/.ssh/config
1. $ mkdir -p ~/.ssh
2. $ chmod 700 ~/.ssh
3. $ touch ~/.ssh/config
4. $ chmod 600 ~/.ssh/config
2. open the file in a text editor and paste it into it:
Host *
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
User username For details: man ssh_config
username - Replace with your
WOLF username
-9-
macOS
➢ Installation of Support for Kerberos
-10-
Configuration
1. Kerberos configuration:
1. Download configuration file /etc/krb5.conf from the WOLF cluster (the file is on
each node) and save it in the /etc on your computer (leave the name the same,
i.e., krb5.conf).
2. Make sure you can get krb5 tickets
1. $ kinit username@META
2. $ klist
2. ssh client configuration:
1. create file ~/.ssh/config
1. $ mkdir -p ~/.ssh
2. $ chmod 700 ~/.ssh
3. $ touch ~/.ssh/config
4. $ chmod 600 ~/.ssh/config
2. open the file in a text editor and paste it into it:
Host *
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
User username For details: man ssh_config
username - Replace with your
WOLF username