This repository has been archived by the owner on Aug 15, 2023. It is now read-only.
forked from ArndtLab/NanoCourseReproducibleResearch
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Peter F Arndt
committed
Dec 13, 2021
1 parent
06d39a1
commit 2f35750
Showing
2 changed files
with
221 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,191 @@ | ||
| # Practical Session 1 | ||
|
|
||
| AIM: Learn how to efficiently and securely connect to the institute computers. | ||
|
|
||
|
|
||
| ## Connecting to MPIMG computers via `ssh` | ||
|
|
||
| - try to connect using the command `ssh USER@geniux.molgen.mpg.de` in your powershell(windows) or terminal (mac/linux) where USER is your username. Once you have given your password you should see: | ||
|
|
||
|
|
||
| ``` | ||
| # # ### # # geniux | ||
| ## ## ## ##### # # # # # system Dell PowerEdge R420 | ||
| # # # # # # # # # # # # # cpu 16x E5-2470 @ 2.30GHz | ||
| # # # # # # # # # # # 64 ram 64.2 GB | ||
| # # ###### ##### # # # # # arch x86_64 / 64-bit | ||
| # # # # # # # # # # # glibc 2.33 | ||
| # # # # # # ### #### # # kernel 5.10.70.mx64.403 #1 | ||
| / to bee or not to bee / tags: amd mx64 server | ||
| ** internet gateway / multiple purpose ** | ||
| ** not a compute server ** | ||
| ``` | ||
|
|
||
| If you only have `putty` on windows - the setup is a bit more cumbersome. | ||
|
|
||
|
|
||
|
|
||
|
|
||
| ## Two Factor Authentication | ||
|
|
||
| There is a lot of very precious data in our computer system. We there **strongly** recommend to use Two Factor Authentication (2FA). Besides your password you then also need a temporary passcode, e.g. generated by your smart phone, to login. | ||
|
|
||
|
|
||
| - To use 2FA run `google-authenticator` after login to `geniux` (see above). Answer the questions with `yes` and scan the QR code with an appropriate app on your phone. I made positive experiences with | ||
| - Duo Mobile | ||
| - Authy | ||
| - Authenticator | ||
|
|
||
| - Logout and try to login again. This time you also need to type a "Verification code" (a 6 digit number) which you get from your smart phone. | ||
|
|
||
| If you lost your phone or or do not want to use this security feature remove the file `~/.google_authenticator` or ask `helpdesk@molgen.mpg.de` to do this for you. | ||
|
|
||
|
|
||
| ## SSH connection with RSA keys and config | ||
| To login into our system is now quite cumbersome. Using a public/private RSA key pair you can make this process much simpler. To do this: | ||
|
|
||
|
|
||
| - generate a RSA key pair on your local computer using `ssh-keygen`. You will be asked to provide a file and "passphrase". Answer all request with `[return]`: | ||
| ``` | ||
| # ssh-keygen | ||
| Generating public/private rsa key pair. | ||
| Enter file in which to save the key (/home/USER/.ssh/id_rsa): | ||
| Enter passphrase (empty for no passphrase): | ||
| Enter same passphrase again: | ||
| Your identification has been saved in /home/USER/.ssh/id_rsa | ||
| Your public key has been saved in /home/USER/.ssh/id_rsa.pub | ||
| The key fingerprint is: | ||
| SHA256:B7QqVl8BbV3wUKLjNGz7KiYXkSN412C7ts5htZ8 USER@geniux.molgen.mpg.de | ||
| The key's randomart image is: | ||
| +---[RSA 3072]----+ | ||
| | o ...+++| | ||
| | . +o..oo+.| | ||
| | .=..=O. .| | ||
| | .+o.**.+ | | ||
| | + o.Soo++ | | ||
| | + o .+. o | | ||
| | . .oo. . | | ||
| | .o=. o . | | ||
| | =o.. E | | ||
| +----[SHA256]-----+ | ||
| ``` | ||
|
|
||
|
|
||
| - on your local computer generate a file `.ssh/config` - this can easily be done using "VS Code" - | ||
| with the following contents: | ||
| ``` | ||
| Host elcattivo | ||
| Hostname elcattivo | ||
| User USER | ||
| ProxyJump geniux | ||
| LocalForward PORT elcattivo:PORT | ||
| Host geniux | ||
| Hostname geniux.molgen.mpg.de | ||
| User USER | ||
| ``` | ||
| where `USER` is your username and `PORT` is a random number between 20000 and 65535. | ||
|
|
||
|
|
||
|
|
||
| - Next the **public** key needs to deposited on the remote computer, i.e. `geniux`. `Assuming your public key is stored in `.ssh/id_rsa.pub`. Open this file using "VS Code" - it should look something like this: | ||
| ``` | ||
| ssh-rsa AAAAB3Nza...qHBJE= xyz@blo.org | ||
| ``` | ||
|
|
||
| This line needs to be **appended** to the file `.ssh/authorized_keys` on geniux. | ||
| - With some luck you can achieve this by | ||
| ``` | ||
| cat ~/.ssh/id_rsa.pub | ssh USER@geniux.molgen.mpg.de 'cat >> .ssh/authorized_keys && echo "Key copied"' | ||
| ``` | ||
| A _last_ time you need to provide your password and a verification code. | ||
| - Otherwise use VS Code to edit the remote copy `.ssh/authorized_keys` - see below. | ||
|
|
||
|
|
||
|
|
||
| - Logout and connect again `ssh USER@geniux.molgen.mpg.de` to check that you did not need to type your password etc. | ||
|
|
||
|
|
||
| - now try reconnect - it should work without asking for a password and verification code. | ||
|
|
||
| ## Edit files (local and remote): | ||
| The editor `VS Code` is quite powerful to edit text files and notebooks. One can also it to edit files an **remote** computers - to do so: | ||
| - install the package VS Code `Remote - SSH` | ||
| - open the `Command Palette` | ||
| - choose `Remote SSH: Connect to host ...` | ||
| - choose `geniux`, give password and verification code | ||
| - click open | ||
| - navigate to the file | ||
|
|
||
|
|
||
|
|
||
| ## Customizing your mariux shell | ||
| It is time to customize your `shell` on geniux. | ||
| - Edit the file `~/.bashrc` on geniux and add the following lines | ||
| ```bash | ||
| # history | ||
| export HISTCONTROL=ignoredups:erasedups # no duplicate entries | ||
| export HISTSIZE=100000 # big history | ||
| export HISTFILESIZE=100000 # big history | ||
| shopt -s histappend # append to history, don't overwrite it | ||
|
|
||
| # make history searchable with prefixes and arrow keys | ||
| bind '"\e[A"':history-search-backward | ||
| bind '"\e[B"':history-search-forward | ||
|
|
||
| # saver versions | ||
| alias cp='cp -i' | ||
| alias rm='rm -i' | ||
| alias mv='mv -i' | ||
|
|
||
| # process control | ||
| alias pu='ps -u ${USER} -o pid,user,pcpu,size,start_time,args --sort start_time' | ||
| alias top='htop' | ||
| alias topu='htop -u $USER' | ||
|
|
||
| # helpful | ||
| complete -d cd | ||
|
|
||
| # tmux helper | ||
| alias tm='tmux attach || tmux new' | ||
| ``` | ||
|
|
||
| - To monitor a remote computer it is recommended to use `htop`. You can adjust the shown information - copy the file `helpful/htoprc` to `~/.config/htop/` or execute the following lines | ||
| ``` | ||
| mkdir -p ~/.config/htop/ | ||
| cd ~/.config/htop/ | ||
| cat > htoprc << EOF | ||
| # Beware! This file is rewritten by htop when settings are changed in the interface. | ||
| # The parser is also very primitive, and not human-friendly. | ||
| fields=0 48 17 20 18 38 39 40 2 46 47 49 1 | ||
| sort_key=46 | ||
| sort_direction=1 | ||
| hide_threads=1 | ||
| hide_kernel_threads=0 | ||
| hide_userland_threads=1 | ||
| shadow_other_users=0 | ||
| show_thread_names=0 | ||
| show_program_path=0 | ||
| highlight_base_name=0 | ||
| highlight_megabytes=1 | ||
| highlight_threads=0 | ||
| tree_view=0 | ||
| header_margin=1 | ||
| detailed_cpu_time=0 | ||
| cpu_count_from_zero=0 | ||
| show_cpu_usage=1 | ||
| show_cpu_frequency=0 | ||
| update_process_names=0 | ||
| account_guest_in_cpu_meter=0 | ||
| color_scheme=6 | ||
| enable_mouse=1 | ||
| delay=15 | ||
| left_meters=CPU Memory Swap | ||
| left_meter_modes=1 1 1 | ||
| right_meters=LoadAverage Uptime Hostname | ||
| right_meter_modes=2 2 2 | ||
| vim_mode=0 | ||
| EOF | ||
| ``` | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| # Beware! This file is rewritten by htop when settings are changed in the interface. | ||
| # The parser is also very primitive, and not human-friendly. | ||
| fields=0 48 17 20 18 38 39 40 2 46 47 49 1 | ||
| sort_key=46 | ||
| sort_direction=1 | ||
| hide_threads=1 | ||
| hide_kernel_threads=0 | ||
| hide_userland_threads=1 | ||
| shadow_other_users=0 | ||
| show_thread_names=0 | ||
| show_program_path=0 | ||
| highlight_base_name=0 | ||
| highlight_megabytes=1 | ||
| highlight_threads=0 | ||
| tree_view=0 | ||
| header_margin=1 | ||
| detailed_cpu_time=0 | ||
| cpu_count_from_zero=0 | ||
| show_cpu_usage=1 | ||
| show_cpu_frequency=0 | ||
| update_process_names=0 | ||
| account_guest_in_cpu_meter=0 | ||
| color_scheme=6 | ||
| enable_mouse=1 | ||
| delay=15 | ||
| left_meters=CPU Memory Swap | ||
| left_meter_modes=1 1 1 | ||
| right_meters=LoadAverage Uptime Hostname | ||
| right_meter_modes=2 2 2 | ||
| vim_mode=0 |