login.rst

Access and Login
================

To gain access your account needs to be added to the **mpibgrid** access group.
Drop us an E-Mail if you would like to join, there are no restrictions, we
simply would like to talk to you beforehand.


SSH Terminal
------------

Access to the Tardis is provided via secure shell. On Mac OSX and Linux machines
the :program:`ssh` program should be already installed. To get an instant shell on the
tardis run:
::

   ssh <YOUR_USERNAME>@tardis.mpib-berlin.mpg.de

On Windows you might want to try `Putty
<https://www.chiark.greenend.org.uk/~sgtatham/putty/>`_.  For a while now we
also have a `web shell <https://tardis.mpib-berlin.mpg.de/>`_ for when there is
no SSH client available.

On the first connection you will be prompted to accept a host fingerprint.
This is to authenticate the host and to prevent so-called man in the middle
attacks on your connection. The fingerprint should be either one of the
following:

+------------+----------+-------------------------------------------------+
| **Cipher** | **Algo** | **Fingerprint**                                 |
+------------+----------+-------------------------------------------------+
| RSA        | MD5      | b3:c5:6a:3a:e1:cf:ca:38:57:43:19:1e:fc:45:eb:f4 |
+------------+----------+-------------------------------------------------+
| RSA        | SHA-256  | EwUlbWfFa27S9IickmNrEjbKp8yYafJ4+ga+fl4MDU0=    |
+------------+----------+-------------------------------------------------+
| ED25519    | MD5      | 46:5a:90:b1:06:b8:d4:96:24:cc:f5:f5:55:bf:f1:6d |
+------------+----------+-------------------------------------------------+
| ED25519    | SHA-256  | kvAQatFgyA0DidMvKMf7xmGJWehZ3ASR9E0D+nxwFd0=    |
+------------+----------+-------------------------------------------------+

SSH File Transfer
-----------------

There are a number of (graphical) clients to help you transfer and mange files
and directories on the Tardis. For the most common operating systems we
recommend the following but you are of course free to use whatever you want.


Linux
^^^^^
Most modern Linux Desktops come with SSH already built-in to their file
manager. In Ubuntu you can simply use ``sftp://`` or ``ssh://`` as a protocol
in Nautilus:

.. image:: ../img/nautilus.png
   :width: 80%

Open the following URL in your file manager (CTRL-L) ::

   ssh://YOUR_USERNAME@tardis.mpib-berlin.mpg.de/home/mpib/

Mac OSX
^^^^^^^

Apple has unfortunately not implemented the ``ssh://`` protocol family into their finder. A workaround is the `osxfuse`_ project, possibly but not necessarily in combination with `macfusion`_:

.. image:: ../img/osxfuse.png
   :width: 80%



Installation
   If you're using an MPIB Mac with Managed Software Center, just install the macfusion package from there:


.. image:: ../img/macfusion_munki.png
   :width: 80%


Otherwise
   1. Download and install `osxfuse`_ and make sure to tick the "Compatibility Layer for MacFuse" option
   2. Reboot your machine
   3. Either use ``sshfs`` in the command line or download and install `macfusion`_:

Macfusion Configuration
   1. add a new profile with the hostname ``tardis.mpib-berlin.mpg.de`` and your username
   2. in the Tab **SSH Advanced** enable the option :samp:`Defer Permissions`
   3. starting with macOS High Sierra you need to pass a valid mount point below your user home, for example ``/Users/<you_username>/Volumes/tardis`` - (**Careful**: for some reason Macfusion expects the parent directory to exist, but not the last level. So make sure to create ``/Users/<your_username>/Volumes`` if you chose to use this location.)
   4. run ``ssh <you_username>@tardis.mpib-berlin.mpg.de`` in the terminal and approve the host key once, see above for fingerprints
   5. mount the new profile by clicking on mount
   6. open in finder either by looking for it or click the cogs icon and then *Reveal*
   7. A general remark: this software is really buggy, try removing and re-adding the profile when there are unexplainable errors or let us know
      (Log files are helpful to isolate the problem, they can be found under *cogs*-symbol -> Log)

Using sshfs directly
   Alternatively, you can simply run sshfs in the command line to mount the remote side:

.. code-block:: text

   lip-osx-001106:~ krause$ mkdir -p /Users/krause/Volumes/tardis  # run this only once
   lip-osx-001106:~ krause$ sshfs krause@tardis.mpib-berlin.mpg.de: /Users/krause/Volumes/tardis/
   warning: ssh nodelay workaround disabled
   krause@tardis.mpib-berlin.mpg.de's password: *******
   lip-osx-001106:~ krause$





Windows
^^^^^^^
The most common utility to transfer files on Windows is `WinSCP <https://winscp.net/eng/download.php>`_:

.. image:: ../img/winscp.png
   :width: 80%


Mounting File Servers
---------------------

You can transfer files directly from the tardis to our file servers, without
taking the detour through your client. There are multiple ways to *mount* the
servers.

.. warning::

    When you work on network folders on the tardis there is no such thing as trash.
    When you accidentally remove a folder, it is **gone**. This also accounts for
    mounted network folders! Please remember that restoring network file server
    backups are extremely costly and take a lot of time.  Also note that the Tardis
    itself (i.e. your Home Directory) does **not** have a backup at all.

udevil
^^^^^^

Udevil is a helper program to manually mount specific folders to your home
directory and it works like this:

Create a mount location (once):

.. code-block:: bash

    krause@master:~> $ mkdir NetworkFolders

Now mount a folder with this command (FB-LIP in this example):

.. code-block:: bash

    krause@master:~> $ udevil mount -t cifs smb://$USER@mpib-berlin.mpg.de/FB-LIP NetworkFolders/

It will ask you for your password:

.. code-block:: bash

    krause@master:~> $ udevil mount -t cifs smb://krause@mpib-berlin.mpg.de/fb-lip NetworkFolders/
    Password:
    Mounted //mpib-berlin.mpg.de/fb-lip at /home/mpib/krause/NetworkFolders

    krause@master:~> $ ls NetworkFolders/ConMEM
    BEH  EEG  MRI  Neurodaten  Project  STUDIES


If you want to mount another folder either create a different target directory or **unmount** the old folder first:

.. code-block:: bash

    krause@master:~> $ udevil umount NetworkFolders/
    krause@master:~> $

You can check all your currently mounted folders with :program:`mount` and filtering by
your username with :program:`mount | grep $USER`.

SMBNetFs (deprecated)
^^^^^^^^^^^^^^^^^^^^^

*Although it might still work, this approach is not recommended anymore.*

When you login with your password the folder :file:`MPIB-SAMBA` should be
populated with all the detected file servers, like :file:`mpib06, mpib10 or
dfs1`. You can simply navigate to the desired folder and use :program:`cp, mv,
rm etc` on those folders:

.. code-block:: bash

   krause@master:~> $ cd MPIB-SAMBA/dfs1
   krause@master:~/MPIB-SAMBA/dfs1> $ ls
   Bibliothek  FB-ABC  FB-ARC  FB-GG  FB-LIP  Misc  MPFG-Affekt
   MPFG-Musik  MPFG-REaD  MPRG-NSC  mrt  PR  User  Verwaltung
   ZentraleDienste
   krause@master:~/MPIB-SAMBA/dfs1> $


After a while the automatic access granting ticket will expire and you might see an error like this:

.. code-block:: bash

    krause@master:~> $ ls MPIB-SAMBA/mpib11
    ls: cannot open directory MPIB-SAMBA/mpib11: Permission denied

In that case you can run the script :program:`remount-smbnetfs.sh` to manually
refresh your ticket and re-mount the network folders in :file:`MPIB-SAMBA/`. No
shell or program may access the folder at that time.

.. _osxfuse: https://osxfuse.github.io/
.. _macfusion: http://macfusionapp.org/