From 2f3575022a5e3037cf41071731d2ffcaed7aa0b8 Mon Sep 17 00:00:00 2001 From: Peter F Arndt Date: Mon, 13 Dec 2021 15:13:50 +0100 Subject: [PATCH] a first version --- PracticalSession-1.md | 191 ++++++++++++++++++++++++++++++++++++++++++ helpful/htoprc | 30 +++++++ 2 files changed, 221 insertions(+) create mode 100644 PracticalSession-1.md create mode 100644 helpful/htoprc diff --git a/PracticalSession-1.md b/PracticalSession-1.md new file mode 100644 index 0000000..3d6e0b0 --- /dev/null +++ b/PracticalSession-1.md 
@@ -0,0 +1,191 @@ +# Practical Session 1 + +AIM: Learn how to efficiently and securely connect to the institute computers. + + +## Connecting to MPIMG computers via `ssh` + +- try to connect using the command `ssh USER@geniux.molgen.mpg.de` in your powershell(windows) or terminal (mac/linux) where USER is your username. Once you have given your password you should see: + + + ``` + # # ### # # geniux + ## ## ## ##### # # # # # system Dell PowerEdge R420 + # # # # # # # # # # # # # cpu 16x E5-2470 @ 2.30GHz + # # # # # # # # # # # 64 ram 64.2 GB + # # ###### ##### # # # # # arch x86_64 / 64-bit + # # # # # # # # # # # glibc 2.33 + # # # # # # ### #### # # kernel 5.10.70.mx64.403 #1 + + / to bee or not to bee / tags: amd mx64 server + ** internet gateway / multiple purpose ** + ** not a compute server ** + ``` + + If you only have `putty` on windows - the setup is a bit more cumbersome. + + + + +## Two Factor Authentication + +There is a lot of very precious data in our computer system. We there **strongly** recommend to use Two Factor Authentication (2FA). Besides your password you then also need a temporary passcode, e.g. generated by your smart phone, to login. + + +- To use 2FA run `google-authenticator` after login to `geniux` (see above). Answer the questions with `yes` and scan the QR code with an appropriate app on your phone. I made positive experiences with + - Duo Mobile + - Authy + - Authenticator + +- Logout and try to login again. This time you also need to type a "Verification code" (a 6 digit number) which you get from your smart phone. + +If you lost your phone or or do not want to use this security feature remove the file `~/.google_authenticator` or ask `helpdesk@molgen.mpg.de` to do this for you. + + +## SSH connection with RSA keys and config +To login into our system is now quite cumbersome. Using a public/private RSA key pair you can make this process much simpler. 
To do this: + + +- generate a RSA key pair on your local computer using `ssh-keygen`. You will be asked to provide a file and "passphrase". Answer all request with `[return]`: + ``` + # ssh-keygen + Generating public/private rsa key pair. + Enter file in which to save the key (/home/USER/.ssh/id_rsa): + Enter passphrase (empty for no passphrase): + Enter same passphrase again: + Your identification has been saved in /home/USER/.ssh/id_rsa + Your public key has been saved in /home/USER/.ssh/id_rsa.pub + The key fingerprint is: + SHA256:B7QqVl8BbV3wUKLjNGz7KiYXkSN412C7ts5htZ8 USER@geniux.molgen.mpg.de + The key's randomart image is: + +---[RSA 3072]----+ + | o ...+++| + | . +o..oo+.| + | .=..=O. .| + | .+o.**.+ | + | + o.Soo++ | + | + o .+. o | + | . .oo. . | + | .o=. o . | + | =o.. E | + +----[SHA256]-----+ + ``` + + +- on your local computer generate a file `.ssh/config` - this can easily be done using "VS Code" - + with the following contents: + ``` + Host elcattivo + Hostname elcattivo + User USER + ProxyJump geniux + LocalForward PORT elcattivo:PORT + + Host geniux + Hostname geniux.molgen.mpg.de + User USER + ``` + where `USER` is your username and `PORT` is a random number between 20000 and 65535. + + + +- Next the **public** key needs to deposited on the remote computer, i.e. `geniux`. `Assuming your public key is stored in `.ssh/id_rsa.pub`. Open this file using "VS Code" - it should look something like this: + ``` + ssh-rsa AAAAB3Nza...qHBJE= xyz@blo.org + ``` + + This line needs to be **appended** to the file `.ssh/authorized_keys` on geniux. + - With some luck you can achieve this by + ``` + cat ~/.ssh/id_rsa.pub | ssh USER@geniux.molgen.mpg.de 'cat >> .ssh/authorized_keys && echo "Key copied"' + ``` + A _last_ time you need to provide your password and a verification code. + - Otherwise use VS Code to edit the remote copy `.ssh/authorized_keys` - see below. 
+ + + +- Logout and connect again `ssh USER@geniux.molgen.mpg.de` to check that you did not need to type your password etc. + + +- now try reconnect - it should work without asking for a password and verification code. + +## Edit files (local and remote): +The editor `VS Code` is quite powerful to edit text files and notebooks. One can also it to edit files an **remote** computers - to do so: + - install the package VS Code `Remote - SSH` + - open the `Command Palette` + - choose `Remote SSH: Connect to host ...` + - choose `geniux`, give password and verification code + - click open + - navigate to the file + + + +## Customizing your mariux shell +It is time to customize your `shell` on geniux. +- Edit the file `~/.bashrc` on geniux and add the following lines + ```bash + # history + export HISTCONTROL=ignoredups:erasedups # no duplicate entries + export HISTSIZE=100000 # big history + export HISTFILESIZE=100000 # big history + shopt -s histappend # append to history, don't overwrite it + + # make history searchable with prefixes and arrow keys + bind '"\e[A"':history-search-backward + bind '"\e[B"':history-search-forward + + # saver versions + alias cp='cp -i' + alias rm='rm -i' + alias mv='mv -i' + + # process control + alias pu='ps -u ${USER} -o pid,user,pcpu,size,start_time,args --sort start_time' + alias top='htop' + alias topu='htop -u $USER' + + # helpful + complete -d cd + + # tmux helper + alias tm='tmux attach || tmux new' + ``` + +- To monitor a remote computer it is recommended to use `htop`. You can adjust the shown information - copy the file `helpful/htoprc` to `~/.config/htop/` or execute the following lines + ``` + mkdir -p ~/.config/htop/ + cd ~/.config/htop/ + cat > htoprc << EOF + # Beware! This file is rewritten by htop when settings are changed in the interface. + # The parser is also very primitive, and not human-friendly. 
+ fields=0 48 17 20 18 38 39 40 2 46 47 49 1 + sort_key=46 + sort_direction=1 + hide_threads=1 + hide_kernel_threads=0 + hide_userland_threads=1 + shadow_other_users=0 + show_thread_names=0 + show_program_path=0 + highlight_base_name=0 + highlight_megabytes=1 + highlight_threads=0 + tree_view=0 + header_margin=1 + detailed_cpu_time=0 + cpu_count_from_zero=0 + show_cpu_usage=1 + show_cpu_frequency=0 + update_process_names=0 + account_guest_in_cpu_meter=0 + color_scheme=6 + enable_mouse=1 + delay=15 + left_meters=CPU Memory Swap + left_meter_modes=1 1 1 + right_meters=LoadAverage Uptime Hostname + right_meter_modes=2 2 2 + vim_mode=0 + EOF + ``` + diff --git a/helpful/htoprc b/helpful/htoprc new file mode 100644 index 0000000..b84e0bf --- /dev/null +++ b/helpful/htoprc @@ -0,0 +1,30 @@ +# Beware! This file is rewritten by htop when settings are changed in the interface. +# The parser is also very primitive, and not human-friendly. +fields=0 48 17 20 18 38 39 40 2 46 47 49 1 +sort_key=46 +sort_direction=1 +hide_threads=1 +hide_kernel_threads=0 +hide_userland_threads=1 +shadow_other_users=0 +show_thread_names=0 +show_program_path=0 +highlight_base_name=0 +highlight_megabytes=1 +highlight_threads=0 +tree_view=0 +header_margin=1 +detailed_cpu_time=0 +cpu_count_from_zero=0 +show_cpu_usage=1 +show_cpu_frequency=0 +update_process_names=0 +account_guest_in_cpu_meter=0 +color_scheme=6 +enable_mouse=1 +delay=15 +left_meters=CPU Memory Swap +left_meter_modes=1 1 1 +right_meters=LoadAverage Uptime Hostname +right_meter_modes=2 2 2 +vim_mode=0
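Review bot: In PracticalSession-1.md, the `ssh-keygen` step tells readers to "Answer all request with `[return]`", which creates the private key with an empty passphrase, and the later steps state that login then works "without asking for a password and verification code". The unencrypted key file on the laptop thereby becomes the only thing protecting the account, which undercuts the Two Factor Authentication section directly above it. Suggest telling readers to set a passphrase and to load the key into `ssh-agent`, which keeps the convenience. Smaller points in the same hunk: `cat >> .ssh/authorized_keys` fails when `~/.ssh` does not yet exist on geniux (the text's "With some luck" hints at this; `ssh-copy-id` handles that case where it is available); the stray backtick before "Assuming your public key" breaks the inline code formatting; the last two bullets of the key section ("Logout and connect again" and "now try reconnect") repeat each other; and there are typos at "We there", "or or", "saver versions" and "One can also it to edit files an".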
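Review bot: helpful/htoprc repeats, line for line, the here-document embedded in the htop step of PracticalSession-1.md, so the two copies can drift apart as soon as one of them is edited. Suggest keeping this file as the single source and reducing the document step to copying `helpful/htoprc` into `~/.config/htop/`, or dropping the file and keeping only the here-document. Since the file's own header says htop rewrites it whenever settings are changed in the interface, a short remark in the document that local changes will overwrite the copied version would also help.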