A. PCDS recommended procedure to configure "on-" and "off-site" dotfiles (SSH, bashrc, git, ...)
Read and follow the instructions here: https://github.com/pcdshub/shared-dotfiles
Quite exhaustive documentation can be found here: SSH, Kerberos, Keys, Certificates, Encryption and all that
Specifically for LCLS, this is all we need to know! Linux/macOS: How to configure SSH tunneling and jump hosts for easy access to PCDS resources
Note:
- there is no passwordless solution around pslogin BUT multiplexing can work with only one password request (see above)!
- Proxy jumping to mfx-daq as mfxopr through pslogin won't work: it'll ask for the mfxopr password (see ECS-3742).
B. Minimal use cases
ssh to mfx-daq in one step
Step 1. on your local machine, add this to your ~/.ssh/config file:
Host pslogin
    Hostname pslogin.slac.stanford.edu
    ForwardAgent yes
    ForwardX11Trusted yes
    ControlMaster auto
    ControlPath ~/.SSH-%r@%h:%p

Host psbuild-rhel7
    HostName psbuild-rhel7-01
    ForwardAgent yes
    ForwardX11Trusted yes
    ProxyJump %r@${PS_JUMP_HOST=pslogin}

Host mfx-daq
    ForwardX11Trusted yes
    ProxyJump %r@psbuild-rhel7
Step 2. Execute the following command in the terminal - you might be prompted for your password on pslogin:
$ ssh mfx-daq
git push and pull from mfx-daq
Step 1. on any PCDS machine (e.g. pslogin or psbuild-rhel7), add this to your ~/.ssh/config file:
Match host github.com exec "echo ${http_proxy} | grep psproxy"
    ProxyJump psproxy.pcdsn

Host github.com
    HostName github.com
    User git
    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted no
    PreferredAuthentications=publickey
    RequestTTY no
    UpdateHostKeys yes

Host *
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted yes
    PreferredAuthentications=gssapi-with-mic,publickey,password
Step 2. and this to your ~/.bashrc:
# Configure web proxy settings on a per-host basis.
# Tools like ``wget`` or ``curl`` will use the environment variable settings to
# proxy requests through the host "psproxy.pcdsn".
case $(hostname -s) in
    # Hosts with direct Internet access
    psbuild-* | pslogin* | cent7* )
        unset http_proxy;
        unset https_proxy;
        ;;
    # Hosts with no access to psproxy.pcdsn
    mcclogin | lcls-* )
        unset http_proxy;
        unset https_proxy;
        ;;
    # Other hosts likely do not have direct Internet access
    * )
        export http_proxy=http://psproxy.pcdsn:3128;
        export https_proxy=http://psproxy.pcdsn:3128;
        ;;
esac
Step 3. now you can push and pull with git, for example to update the hutch python code:
[fpoitevi@mfx-daq mfx]$ pwd
/reg/g/pcds/pyps/apps/hutch-python/mfx
[fpoitevi@mfx-daq mfx]$ git push origin-ssh master
Warning: Permanently added 'psproxy.pcdsn' (ED25519) to the list of known hosts.
Counting objects: 9, done.
Delta compression using up to 32 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 524 bytes | 0 bytes/s, done.
Total 5 (delta 2), reused 0 (delta 0)
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
remote: Killed by signal 1.
To git@github.com:pcdshub/mfx.git
   1c9b2bb..2d41ae9  master -> master
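ssh_config uses the first value it obtains for each option, so the Host github.com block in Step 1 keeps agent and X11 forwarding off for GitHub only because it comes before Host *. The following is an added example, not part of the original page or the PCDS dotfiles: a small resolver that reports the effective options for a host from that config (the function names are my own, and Match blocks are skipped as a simplification).

```python
import fnmatch
import re

# ~/.ssh/config from Step 1 of the git section, embedded so the check runs offline.
PAGE_CONFIG = """\
Match host github.com exec "echo ${http_proxy} | grep psproxy"
    ProxyJump psproxy.pcdsn
Host github.com
    HostName github.com
    User git
    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted no
    PreferredAuthentications=publickey
    RequestTTY no
    UpdateHostKeys yes
Host *
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted yes
    PreferredAuthentications=gssapi-with-mic,publickey,password
"""

def host_matches(patterns, host):
    """A Host block applies if a pattern matches and no '!pattern' does."""
    neg = [p[1:] for p in patterns if p.startswith("!")]
    pos = [p for p in patterns if not p.startswith("!")]
    hit = lambda pats: any(fnmatch.fnmatchcase(host, p) for p in pats)
    return hit(pos) and not hit(neg)

def effective_options(config_text, host):
    """Return {keyword: value} for host; the first value seen for a keyword wins."""
    opts, active = {}, True  # lines before any Host block apply to every host
    for line in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*\S)", line)
        if not m:            # blank line, comment, or keyword without a value
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False   # simplification: Match blocks are never applied
        elif active:
            opts.setdefault(key, value)
    return opts

if __name__ == "__main__":
    for h in ("github.com", "mfx-daq"):
        print(h, effective_options(PAGE_CONFIG, h).get("forwardagent"))
```

On a real machine, `ssh -G github.com` prints the options OpenSSH itself resolves, including any Match blocks that apply.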