Vm access » History » Version 3
Herve Caumont, 2013-06-20 14:53
1 | 1 | Herve Caumont | h1. SSH Connexion |
---|---|---|---|
2 | |||
3 | {{>toc}} |
||
4 | |||
5 | 2 | Herve Caumont | h2. Pre-conditions |
6 | 1 | Herve Caumont | |
7 | 2 | Herve Caumont | To access your Sandbox, you need a secure connection (via ssh or putty) |
8 | You will make use of your private keys to establish the handshake with the infrastructure. |
||
9 | 1 | Herve Caumont | |
10 | 2 | Herve Caumont | Your X.509 certificate was generated during your initial Registration step. |
11 | Your Sandbox IP, or <sandboxhost>, was provided in your "First connection" email. |
||
12 | 1 | Herve Caumont | |
13 | 2 | Herve Caumont | h2. Connecting from Unix / Linux (using ssh) |
14 | 1 | Herve Caumont | |
15 | * The user downloads his X.509 certificate from the user management portal (e.g. in PEM format), either with encrypted private key (recommended) or unencrypted private key (not recommended) |
||
16 | * On the command line, the user can now directly access the VM using: |
||
17 | |||
18 | <pre>ssh -i <username>.pem <username>@<sandboxhost></pre> |
||
19 | |||
20 | Depending on the downloaded format, the user has to provide his passphrase (if encrypted key was downloaded) or not (if the key was downloaded unencrypted). |
||
21 | |||
22 | 2 | Herve Caumont | h2. Connecting from Windows (using putty) |
23 | 1 | Herve Caumont | |
24 | If the user wants to login from Windows using putty (a well-known freely available ssh client), the key must be converted into a putty-compatible format first: |
||
25 | |||
26 | * The user must download his X.509 certificate from in PEM format [*with unencrypted key*]. |
||
27 | * From the file, the private key must be extracted manually (using a text editor): Copy the part |
||
28 | |||
29 | <pre>-----BEGIN RSA PRIVATE KEY----- |
||
30 | MII.... |
||
31 | -----END RSA PRIVATE KEY-----</pre> |
||
32 | |||
33 | and paste it into a new file named e.g. <user>.private. Make sure this file is in a secure and safe place. |
||
34 | |||
35 | * This private key must now be imported with "puttygen":http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe either on the command line: |
||
36 | |||
37 | <pre>puttygen <user>.private</pre> |
||
38 | |||
39 | > or using the import or load function in puttygen. The import should succeed with the following message: |
||
40 | !/attachments/download/5/Screen%20Shot%202013-03-19%20at%2009.22.54.png! |
||
41 | |||
42 | * The file must now be saved as private key either with (recommended) or without (not recommended) passphrase. Preferably name the resulting key <user>.ppk by clicking the "Save private key" button in the screen below: |
||
43 | 3 | Herve Caumont | |
44 | 1 | Herve Caumont | !/attachments/download/6/Screen%20Shot%202013-03-19%20at%2009.24.54.png! |
45 | |||
46 | * Now the user can access the VM with "putty":http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe in the command line: |
||
47 | <pre> |
||
48 | putty –I <user>.ppk <user>@<sandboxhost> |
||
49 | </pre> |
||
50 | or save the corresponding info in a "Pageant":http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe session with the following four steps: In the session dialog, the "Host Name (or IP address)" field needs to be set to <sandboxhost> (Protocol SSH, Port 22): |
||
51 | > !http://controller.ciop.terradue.com/attachments/download/3/Untitled3.png! |
||
52 | |||
53 | * The, <user> must be added to the "Auto-login username" field in the Connection dialog: |
||
54 | > !http://controller.ciop.terradue.com/attachments/download/4/Untitled4.png! |
||
55 | and the created private key file needs to be referenced in the "Private key file for authentication" field of the Auth dialog: |
||
56 | > !http://controller.ciop.terradue.com/attachments/download/5/Untitled5.png! |
||
57 | Finally, the session can be saved (Session dialog) or just opened (Open button below). |
||
58 | |||
59 | * Make sure that the unencrypted X.509 PEM certificate is deleted (or at least stored in a secure and safe location) after this setup. The X.590 PEM certificate is not used to access the system with putty. Only the generated *<user>.ppk* file is needed. |