radical-collaboration / hpc-workflows

NSF16514 EarthCube Project - Award Number:1639694

Passwordless access to Cheyenne #90

Closed Weiming-Hu closed 5 years ago

Weiming-Hu commented 5 years ago

I have recently figured out a way to bypass the Yubikey mechanism and achieve passwordless access to Cheyenne through ssh control master. Then, I'm wondering whether it is possible to submit EnTK jobs directly from my local laptop?

Thank you

vivek-bala commented 5 years ago

That certainly will ease things! Can you share your secret with us? :) Just want to make sure that your method to set up ssh is compatible with how we use ssh to access.

Weiming-Hu commented 5 years ago

I used the control master mechanism. It reuses the connection rather than creating a new one each time. You can specify the length of the live session (3 seconds to minutes, I don't know whether there is an upper bound).

Specifically, I have the following part in my ~/.ssh/config

Host cheyenne
    User wuh20
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p
    Hostname cheyenne.ucar.edu

The first time of ssh, authentication is still needed. But after that, the connection is just reused.

vivek-bala commented 5 years ago

Oh that's new for me. Good to know. Unless there is a hard cutoff/upper bound, I think this might work. We need a change in RP though to enable ssh access to Cheyenne. I created a ticket for it in RP: https://github.com/radical-cybertools/radical.pilot/issues/1853.

@andre-merzky @mturilli do you see any issues with this ssh access mode?

Weiming-Hu commented 5 years ago

Right. I learned this rather recently. Once the connection is initiated (you logged in once), you can close the terminal and the connection remains alive for the length that you've specified. Then the subsequent ssh request will no longer need a password. Let me know when I should give this a try. Probably I will need your help.

andre-merzky commented 5 years ago

Nice! You may want to find out for how long the master stays alive. Many sites have a limit of about a day. If so, you need to be careful that it does not time out during an experiment, as RCT will not be able to recover from a failing master (in most cases).

It's cool that this works on Cheyenne though!
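
The two conditions discussed in this thread (a live master, and a master that outlives the first terminal) can be checked before a run is launched. The shell sketch below is an added example, not code from the thread or from RADICAL-Cybertools; the function names and the sample `ssh -G` lines used to exercise it are constructed, and the `cheyenne` alias is the one from the config above.

```shell
#!/bin/sh
# Added example: pre-flight check for a multiplexed (ControlMaster) SSH session.
# Function names are hypothetical; `ssh -G` and `ssh -O check` are standard OpenSSH.

# Print the value of one key from `ssh -G`-style "key value" lines on stdin.
cfg_value() {
    awk -v k="$1" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }'
}

# Classify the effective multiplexing settings (ssh -G output on stdin).
# Prints one of: disabled | session-bound | persistent
mux_mode() {
    cfg=$(cat)
    master=$(printf '%s\n' "$cfg" | cfg_value controlmaster)
    path=$(printf '%s\n' "$cfg" | cfg_value controlpath)
    persist=$(printf '%s\n' "$cfg" | cfg_value controlpersist)
    case "$master" in ""|false|no) echo disabled; return ;; esac
    if [ -z "$path" ] || [ "$path" = none ]; then echo disabled; return; fi
    # Without ControlPersist the master is the first ssh process and
    # disappears when that session ends.
    case "$persist" in ""|no|false) echo session-bound ;; *) echo persistent ;; esac
}

# Return 0 only if multiplexing is configured and a master is currently up.
preflight() {
    mode=$(ssh -G "$1" | mux_mode)
    if [ "$mode" = disabled ]; then
        echo "$1: no ControlMaster/ControlPath in effect" >&2; return 1
    fi
    if ! ssh -O check "$1" >/dev/null 2>&1; then
        echo "$1: no live master; log in once interactively first" >&2; return 1
    fi
    [ "$mode" = persistent ] ||
        echo "$1: ControlPersist is off; master ends with the first session" >&2
    return 0
}

# Usage: sh preflight.sh cheyenne
if [ $# -gt 0 ]; then preflight "$1"; fi
```

This only inspects the client side; a lifetime limit enforced by the site would still have to be learned from the administrators.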

andre-merzky commented 5 years ago

> @andre-merzky @mturilli do you see any issues with this ssh access mode?

No, that should just work (TM).

vivek-bala commented 5 years ago

Thanks Andre!

@Weiming-Hu can you pull the fix/cheyenne branch and try to run from your desktop machine after setting up the passwordless access? As Andre mentioned, you should find out what the maximum time limit is for the ssh connection.

Weiming-Hu commented 5 years ago

How could I find it out? Is it as simple as to just try ssh every 10 minutes until it fails?

vivek-bala commented 5 years ago

No, I think it would be policy enforced by the system admins. Best/quickest option would be to ask them directly.

Weiming-Hu commented 5 years ago

I have contacted the sysadmin. Actually, they are not aware of this mechanism, so they didn't provide me an absolute answer. I'm almost tempted to give this a try. But now it is blocked by issue #88.

Weiming-Hu commented 5 years ago

Taking this task offline.