login.rst 7.25 KB
Newer Older
Michael Krause's avatar
Michael Krause committed
1
2
3
4
5
6
7
8
9
10
11
12
Access and Login
================

To gain access your account needs to be added to the **mpibgrid** access group.
Drop us an E-Mail if you would like to join, there are no restrictions, we
simply would like to talk to you beforehand.


SSH Terminal
------------

Access to the Tardis is provided via secure shell. On Mac OSX and Linux machines
Michael Krause's avatar
Michael Krause committed
13
the :program:`ssh` program should be already installed. To get an instant shell on the
Michael Krause's avatar
Michael Krause committed
14
tardis run:
Michael Krause's avatar
Michael Krause committed
15
::
Michael Krause's avatar
Michael Krause committed
16
17
18
19

   ssh <YOUR_USERNAME>@tardis.mpib-berlin.mpg.de

On Windows you might want to try `Putty
20
<https://www.chiark.greenend.org.uk/~sgtatham/putty/>`_.  For a while now we
Michael Krause's avatar
Michael Krause committed
21
22
23
24
25
26
27
28
also have a `web shell <https://tardis.mpib-berlin.mpg.de/>`_ for when there is
no SSH client available.

On the first connection you will be prompted to accept a host fingerprint.
This is to authenticate the host and to prevent so-called man in the middle
attacks on your connection. The fingerprint should be either one of the
following:

Michael Krause's avatar
Michael Krause committed
29
30
31
32
33
34
35
+------------+----------+-------------------------------------------------+
| **Cipher** | **Algo** | **Fingerprint**                                 |
+------------+----------+-------------------------------------------------+
| RSA        | MD5      | b3:c5:6a:3a:e1:cf:ca:38:57:43:19:1e:fc:45:eb:f4 |
+------------+----------+-------------------------------------------------+
| RSA        | SHA-256  | EwUlbWfFa27S9IickmNrEjbKp8yYafJ4+ga+fl4MDU0=    |
+------------+----------+-------------------------------------------------+
36
| ED25519    | MD5      | 46:5a:90:b1:06:b8:d4:96:24:cc:f5:f5:55:bf:f1:6d |
Michael Krause's avatar
Michael Krause committed
37
+------------+----------+-------------------------------------------------+
38
| ED25519    | SHA-256  | kvAQatFgyA0DidMvKMf7xmGJWehZ3ASR9E0D+nxwFd0=    |
Michael Krause's avatar
Michael Krause committed
39
+------------+----------+-------------------------------------------------+
Michael Krause's avatar
Michael Krause committed
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

SSH File Transfer
-----------------

There are a number of (graphical) clients to help you transfer and mange files
and directories on the Tardis. For the most common operating systems we
recommend the following but you are of course free to use whatever you want.


Linux
^^^^^
Most modern Linux Desktops come with SSH already built-in to their file
manager. In Ubuntu you can simply use ``sftp://`` or ``ssh://`` as a protocol
in Nautilus:

.. image:: ../img/nautilus.png
   :width: 80%

Michael Krause's avatar
Michael Krause committed
58
59
Open the following URL in your file manager (CTRL-L) ::

Michael Krause's avatar
Michael Krause committed
60
   ssh://YOUR_USERNAME@tardis.mpib-berlin.mpg.de/home/mpib/
Michael Krause's avatar
Michael Krause committed
61

Michael Krause's avatar
Michael Krause committed
62
63
64
Mac OSX
^^^^^^^

Michael Krause's avatar
Michael Krause committed
65
Apple has unfortunately not implemented the ``ssh://`` protocol family into their finder. A workaround is the `osxfuse`_ project, possibly but not necessarily in combination with `macfusion`_:
Michael Krause's avatar
Michael Krause committed
66
67
68
69

.. image:: ../img/osxfuse.png
   :width: 80%

Michael Krause's avatar
Michael Krause committed
70

71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

Installation
   If you're using an MPIB Mac with Managed Software Center, just install the macfusion package from there:


.. image:: ../img/macfusion_munki.png
   :width: 80%


Otherwise
   1. Download and install `osxfuse`_ and make sure to tick the "Compatibility Layer for MacFuse" option
   2. Reboot your machine
   3. Either use ``sshfs`` in the command line or download and install `macfusion`_:

Macfusion Configuration
Michael Krause's avatar
Michael Krause committed
86
   1. add a new profile with the hostname ``tardis.mpib-berlin.mpg.de`` and your username
87
88
89
90
91
92
93
94
95
96
   2. in the Tab **SSH Advanced** enable the option :samp:`Defer Permissions`
   3. starting with macOS High Sierra you need to pass a valid mount point below your user home, for example ``/Users/<you_username>/TARDIS`` - make sure this directory does not exist yet
   4. run ``ssh <you_username>@tardis.mpib-berlin.mpg.de`` in the terminal and approve the host key once, see above for fingerpints
   5. mount the new profile by clicking on mount
   6. open in finder either by looking for it or click the cogs icon and then *Reveal*
   7. A general remark: this software is really buggy, try removing and re-adding the profile when there are unexplainable errors or let us know

Using sshfs directly
   Alternatively, you can simply run sshfs in the command line to mount the remote side:

97
.. code-block::
98
99
100
101
102
103
104
105
106

   lip-osx-001106:~ krause$ mkdir -p /Users/krause/Volumes/tardis  # run this only once
   lip-osx-001106:~ krause$ sshfs krause@tardis.mpib-berlin.mpg.de: /Users/krause/Volumes/tardis/
   warning: ssh nodelay workaround disabled
   krause@tardis.mpib-berlin.mpg.de's password: *******
   lip-osx-001106:~ krause$



Michael Krause's avatar
Michael Krause committed
107
108


Michael Krause's avatar
Michael Krause committed
109
110
Windows
^^^^^^^
111
The most common utility to transfer files on Windows is `WinSCP <https://winscp.net/eng/download.php>`_:
Michael Krause's avatar
Michael Krause committed
112
113
114

.. image:: ../img/winscp.png
   :width: 80%
Michael Krause's avatar
Michael Krause committed
115

Michael's avatar
Michael committed
116
117
118
119
120
121
122
123

Mounting File Servers
---------------------

You can transfer files directly from the tardis to our file servers, without
taking the detour through your client. There are multiple ways to *mount* the
servers.

Michael Krause's avatar
Michael Krause committed
124
.. warning::
Michael's avatar
Michael committed
125

Michael Krause's avatar
Michael Krause committed
126
127
128
129
130
    When you work on network folders on the tardis there is no such thing as trash.
    When you accidentally remove a folder, it is **gone**. This also accounts for
    mounted network folders! Please remember that restoring network file server
    backups are extremely costly and take a lot of time.  Also note that the Tardis
    itself (i.e. your Home Directory) does **not** have a backup at all.
Michael's avatar
Michael committed
131
132
133
134

SMBNetFs
^^^^^^^^

Michael Krause's avatar
Michael Krause committed
135
136
137
138
When you login with your password the folder :file:`MPIB-SAMBA` should be
populated with all the detected file servers, like :file:`mpib06, mpib10 or
dfs1`. You can simply navigate to the desired folder and use :program:`cp, mv,
rm etc` on those folders:
Michael's avatar
Michael committed
139
140

.. code-block:: bash
Michael's avatar
Michael committed
141
142
143
144
145
146
147
148
149

   krause@master:~> $ cd MPIB-SAMBA/dfs1
   krause@master:~/MPIB-SAMBA/dfs1> $ ls
   Bibliothek  FB-ABC  FB-ARC  FB-GG  FB-LIP  Misc  MPFG-Affekt
   MPFG-Musik  MPFG-REaD  MPRG-NSC  mrt  PR  User  Verwaltung
   ZentraleDienste
   krause@master:~/MPIB-SAMBA/dfs1> $


Michael's avatar
Michael committed
150
151
152
After a while the automatic access granting ticket will expire and you might see an error like this:

.. code-block:: bash
Michael's avatar
Michael committed
153
154
155
156

    krause@master:~> $ ls MPIB-SAMBA/mpib11
    ls: cannot open directory MPIB-SAMBA/mpib11: Permission denied

Michael Krause's avatar
Michael Krause committed
157
158
159
In that case you can run the script :program:`remount-smbnetfs.sh` to manually
refresh your ticket and re-mount the network folders in :file:`MPIB-SAMBA/`. No
shell or program may access the folder at that time.
Michael's avatar
Michael committed
160
161
162
163

udevil
^^^^^^

Michael Krause's avatar
Michael Krause committed
164
165
Udevil is a helper program to manually mount specific folders to your home
directory and it works like this:
Michael's avatar
Michael committed
166

Michael's avatar
Michael committed
167
168
169
Create a mount location (once):

.. code-block:: bash
Michael's avatar
Michael committed
170
171
172

    krause@master:~> $ mkdir NetworkFolders

Michael's avatar
Michael committed
173
174
175
Now mount a folder with this command:

.. code-block:: bash
Michael's avatar
Michael committed
176

Michael's avatar
Michael committed
177
    krause@master:~> $ udevil mount -t cifs smb://$USER@mpib-berlin.mpg.de/SHARE_NAME NetworkFolders/
Michael's avatar
Michael committed
178

Michael's avatar
Michael committed
179
180
181
It will ask you for your password, example:

.. code-block:: bash
Michael's avatar
Michael committed
182

Michael's avatar
Michael committed
183
    krause@master:~> $ udevil mount -t cifs smb://krause@mpib-berlin.mpg.de/fb-lip NetworkFolders/
Michael's avatar
Michael committed
184
185
186
187
188
189
190
191
    Password:
    Mounted //mpib-berlin.mpg.de/fb-lip at /home/mpib/krause/NetworkFolders

    krause@master:~> $ ls NetworkFolders/!MAC
    LIP  ConMem  EEG-Desktop  GWAS  IBSM  IT  LIP-Allgemein  LIP-NSC-Babystudy
    LNDG  MRI-ERGO  MRT-intern  PACSArchiv  Senscog  StructuralPlast  StruktData  Telefonstudio


Michael's avatar
Michael committed
192
193
194
If you want to mount another folder either create a different target directory or **unmount** the old folder first:

.. code-block:: bash
Michael's avatar
Michael committed
195
196
197
198

    krause@master:~> $ udevil umount NetworkFolders/
    krause@master:~> $

Michael Krause's avatar
Michael Krause committed
199
200
You can check all your currently mounted folders with :program:`mount` and filtering by
your username with :program:`mount | grep $USER`.
Michael's avatar
Michael committed
201

202
.. _osxfuse: https://osxfuse.github.io/
Michael Krause's avatar
Michael Krause committed
203
.. _macfusion: http://macfusionapp.org/