Practical Session 1
AIM: Learn how to efficiently and securely connect to the institute computers.
Connecting to MPIMG computers via ssh
-
try to connect using the command
ssh USER@geniux.molgen.mpg.dein your powershell(windows) or terminal (mac/linux) where USER is your username. Once you have given your password you should see:# # ### # # geniux ## ## ## ##### # # # # # system Dell PowerEdge R420 # # # # # # # # # # # # # cpu 16x E5-2470 @ 2.30GHz # # # # # # # # # # # 64 ram 64.2 GB # # ###### ##### # # # # # arch x86_64 / 64-bit # # # # # # # # # # # glibc 2.33 # # # # # # ### #### # # kernel 5.10.70.mx64.403 #1 / to bee or not to bee / tags: amd mx64 server ** internet gateway / multiple purpose ** ** not a compute server **If you only have
puttyon windows - the setup is a bit more cumbersome.
Two Factor Authentication
There is a lot of very precious data in our computer system. We there strongly recommend to use Two Factor Authentication (2FA). Besides your password you then also need a temporary passcode, e.g. generated by your smart phone, to login.
-
To use 2FA run
google-authenticatorafter login togeniux(see above). Answer the questions withyesand scan the QR code with an appropriate app on your phone. I made positive experiences with- Duo Mobile
- Authy
- Authenticator
-
Logout and try to login again. This time you also need to type a "Verification code" (a 6 digit number) which you get from your smart phone.
If you lost your phone or or do not want to use this security feature remove the file ~/.google_authenticator or ask helpdesk@molgen.mpg.de to do this for you.
SSH connection with RSA keys and config
To login into our system is now quite cumbersome. Using a public/private RSA key pair you can make this process much simpler. To do this:
-
generate a RSA key pair on your local computer using
ssh-keygen. You will be asked to provide a file and "passphrase". Answer all request with[return]:# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/USER/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/USER/.ssh/id_rsa Your public key has been saved in /home/USER/.ssh/id_rsa.pub The key fingerprint is: SHA256:B7QqVl8BbV3wUKLjNGz7KiYXkSN412C7ts5htZ8 USER@geniux.molgen.mpg.de The key's randomart image is: +---[RSA 3072]----+ | o ...+++| | . +o..oo+.| | .=..=O. .| | .+o.**.+ | | + o.Soo++ | | + o .+. o | | . .oo. . | | .o=. o . | | =o.. E | +----[SHA256]-----+ -
on your local computer generate a file
.ssh/config- this can easily be done using "VS Code" - with the following contents:Host elcattivo Hostname elcattivo User USER ProxyJump geniux LocalForward PORT elcattivo:PORT Host geniux Hostname geniux.molgen.mpg.de User USERwhere
USERis your username andPORTis a random number between 20000 and 65535. -
Next the public key needs to deposited on the remote computer, i.e.
geniux.Assuming your public key is stored in.ssh/id_rsa.pub`. Open this file using "VS Code" - it should look something like this:ssh-rsa AAAAB3Nza...qHBJE= xyz@blo.orgThis line needs to be appended to the file
.ssh/authorized_keyson geniux.- With some luck you can achieve this by (please copy paste to avoid typos)
A last time you need to provide your password and a verification code.
cat ~/.ssh/id_rsa.pub | ssh USER@geniux.molgen.mpg.de 'cat >> .ssh/authorized_keys && echo "Key copied"' - Otherwise use VS Code to edit the remote copy
.ssh/authorized_keys- see below.
- With some luck you can achieve this by (please copy paste to avoid typos)
-
Logout and connect again
ssh USER@geniux.molgen.mpg.deto check that you did not need to type your password etc. -
now try reconnect - it should work without asking for a password and verification code.
Edit files (local and remote):
The editor VS Code is quite powerful to edit text files and notebooks. One can also it to edit files an remote computers - to do so:
- install the package VS Code
Remote - SSH - open the
Command Palette - choose
Remote SSH: Connect to host ... - choose
geniux, give password and verification code - click open
- navigate to the file
Customizing your mariux shell
It is time to customize your shell on geniux.
-
Edit the file
~/.bashrcon geniux and add the following lines# history export HISTCONTROL=ignoredups:erasedups # no duplicate entries export HISTSIZE=100000 # big history export HISTFILESIZE=100000 # big history shopt -s histappend # append to history, don't overwrite it # make history searchable with prefixes and arrow keys bind '"\e[A"':history-search-backward bind '"\e[B"':history-search-forward # saver versions alias cp='cp -i' alias rm='rm -i' alias mv='mv -i' # process control alias pu='ps -u ${USER} -o pid,user,pcpu,size,start_time,args --sort start_time' alias top='htop' alias topu='htop -u $USER' # helpful complete -d cd # tmux helper alias tm='tmux attach || tmux new'
-
To monitor a remote computer it is recommended to use
htop. You can adjust the shown information - copy the filehelpful/htoprcin this repository to~/.config/htop/htoprcor execute the following linesmkdir -p ~/.config/htop/ cat > ~/.config/htop/htoprc << EOF # Beware! This file is rewritten by htop when settings are changed in the interface. # The parser is also very primitive, and not human-friendly. fields=0 48 17 20 18 38 39 40 2 46 47 49 1 sort_key=46 sort_direction=1 hide_threads=1 hide_kernel_threads=0 hide_userland_threads=1 shadow_other_users=0 show_thread_names=0 show_program_path=0 highlight_base_name=0 highlight_megabytes=1 highlight_threads=0 tree_view=0 header_margin=1 detailed_cpu_time=0 cpu_count_from_zero=0 show_cpu_usage=1 show_cpu_frequency=0 update_process_names=0 account_guest_in_cpu_meter=0 color_scheme=6 enable_mouse=1 delay=15 left_meters=CPU Memory Swap left_meter_modes=1 1 1 right_meters=LoadAverage Uptime Hostname right_meter_modes=2 2 2 vim_mode=0 EOF
Assignment
Please make a screenshot of a terminal session in which you monitor the CPU usage on elcattivo.molgen.mpg.de.