Table of Contents |
---|
A. PCDS recommended procedure to configure "on-" and "off-site" dotfiles (SSH, bashrc, git, ...)
Read and follow the instructions here: https://github.com/pcdshub/shared-dotfiles
Quite exhaustive documentation can be found here: SSH, Kerberos, Keys, Certificates, Encryption and all that
Specifically for LCLS, this is all we need to know! Linux/macOS: How to configure SSH tunneling and jump hosts for easy access to PCDS resourcesNotes
Note:
- there is no passwordless solution around pslogin BUT multiplexing can work with only one password request (see above)!
- Proxy jumping to mfx-daq as mfxopr through pslogin won't work: it'll ask for mfxopr password...
Jira server SLAC National Accelerator Laboratory columnIds issuekey,summary,issuetype,created,updated,duedate,assignee,reporter,priority,status,resolution columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 1b8dc293-975d-3f2d-b988-18fd9aec1546 key ECS-3742
B. Minimal use cases
ssh to mfx-daq in one step
Step 1. on your local machine, add this to your ~/.ssh/config file:
Code Block |
---|
Host pslogin
Hostname pslogin.slac.stanford.edu
ForwardAgent yes
ForwardX11Trusted yes
ControlMaster auto
ControlPath ~/.SSH-%r@%h:%p
Host psbuild-rhel7
HostName psbuild-rhel7-01
ForwardAgent yes
ForwardX11Trusted yes
ProxyJump %r@${PS_JUMP_HOST=pslogin}
Host mfx-daq
ForwardX11Trusted yes
ProxyJump %r@psbuild-rhel7 |
Step 2. Execute the following command in the terminal - you might be prompted for your password on pslogin:
$ ssh mfx-daq
git push and pull from mfx-daq
Setp 1. on any PCDS machine (e.g. pslogin or psbuild-rhel7), add this to your ~/.ssh/config file:
Code Block |
---|
Match host github.com exec "echo ${http_proxy} | grep psproxy"
ProxyJump psproxy.pcdsn
Host github.com
HostName github.com
User git
ForwardAgent no
ForwardX11 no
ForwardX11Trusted no
PreferredAuthentications=publickey
RequestTTY no
UpdateHostKeys yes
Host *
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
PreferredAuthentications=gssapi-with-mic,publickey,password |
Step 2. and this to your ~/.bashrc:
Code Block |
---|
# Configure web proxy settings on a per-host basis.
# Tools like ``wget`` or ``curl`` will use the environment variable settings to
# proxy requests through the host "psproxy.pcdsn".
case $(hostname -s) in
# Hosts with direct Internet access
psbuild-* | pslogin* | cent7* )
unset http_proxy;
unset https_proxy;
;;
# Hosts with no access to psproxy.pcdsn
mcclogin | lcls-* )
unset http_proxy;
unset https_proxy;
;;
# Other hosts likely do not have direct Internet access
* )
export http_proxy=http://psproxy.pcdsn:3128;
export https_proxy=http://psproxy.pcdsn:3128;
;;
esac |
Step 3. now you can push and pull with git, for example to update the hutch python code:
Code Block |
---|
[fpoitevi@mfx-daq mfx]$ pwd
/reg/g/pcds/pyps/apps/hutch-python/mfx
[fpoitevi@mfx-daq mfx]$ git push origin-ssh master
Warning: Permanently added 'psproxy.pcdsn' (ED25519) to the list of known hosts.
Counting objects: 9, done.
Delta compression using up to 32 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 524 bytes | 0 bytes/s, done.
Total 5 (delta 2), reused 0 (delta 0)
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
remote: Killed by signal 1.
To git@github.com:pcdshub/mfx.git
1c9b2bb..2d41ae9 master -> master |