Any modern Linux distribution with OpenSSH configured with gssapi and Kerberos configured for the FNAL.GOV realm should be able to connect to the LPC cluster.
First check if you already have an account on the cluster. To check click here. It is assumed that you already have a Fermilab ID, FNALU account and kerberos principal. If not visit the "Get an Account" section.
Access to the LPC cluster is controlled by a switch which redirects incoming connections to individual nodes in a round-robin queue.
Connecting to the LPC from a Linux PC
To connect to the LPC cluster you need to have kerberos and openssh with gss support installed on your system. This is already included in Scientific Linux 4. In addtion you will need get the krb5.conf file for Fermilab and save it as /etc/krb5.conf .
To connect to the LPC cluster:
Get an addressless and forwardable kerberos ticket for the FNAL.GOV kerberos realm:
/usr/krb5/bin/kinit -n -f user@FNAL.GOV/usr/kerberos/bin/kinit -A -f user@FNAL.GOV
You will be prompted for your kerberos password in the FNAL.GOV realm.
To verify that you have an addressless and forwardable kerberos ticket:
klist -a -f
Connect to the cluster:
ssh cmslpc.fnal.gov
1) To log into the cluster from an SLC machine kinit -A -f user@FNAL.GOV ; ssh -2 user@cmslpc.fnal.gov
2) MAC users who have updated their ssh to a version greater than 3.8 will need to use both
the -X and -Y options on the ssh command line:
ssh -X -Y cmslpc
This will enable X11 forwarding.
The versions of ssh that do not work with the round robin queue are the ones that do not support gssapi or do not handle the redirection correctly and break afs authentication. The ones known not to work correctly are:
For these versions the LPC cluster direct access nodes must be used if you would like to access your afs area to edit your public_html directory.
LPC cluster direct access nodes.
Other versions of ssh for Linux or Windows PC's may not work correctly (i.e. AFS authentication error messages at login) with the round robin queue. If accessing the LPC cluster through the queue produces error messages, you can try accessing the LPC cluster through one of the following direct access nodes:
ssh cmslpc11.fnal.gov (SL4) ssh cmslpc12.fnal.gov (SL4) The direct access nodes are equivalent to other LPC cluster nodes except that they can be accessed directly.
Non-kerberized ssh clients
Any ssh client without kerberos authentication can be used to connect to the LPC cluster. A Cryptocard is used to generate a password in this case.
Connecting to the LPC Cluster from a Windows PC
Connecting to the LPC cluster through the round-robin queue from a Windows PC is known to work with Kerberized PuTTY. Other terminal programs such as WRQ Relection ssh and openssh for Cygwin only work with the direct access nodes (see above). Directions are given below for establishing a connection to the LPC cluster with Kerberized PuTTY. Directions for installing Cygwin/X or Xming, both free X servers for Windows, are also given. These packages are optional since commercial alternatives such as WRQ Reflection and Exceed exist. Also included are directions for using Filezilla and OpenAFS for Windows to access files in your account.
A patched version of PuTTY which supports Kerberos authentication can be found at http://web.mit.edu/jaltman/Public/putty-0.59-with-gssapi.zip. Download the zip file to your desktop and unzip it. You will also need to download and install MIT Kerberos for Windows. The installer can be found at the MIT Kerberos download page.
To get your Kerberos ticket:
Select Start ->All Programs->Kerberos for Windows->Network Identity Manager
Enter your Kerberos principal, password and FNAL.GOV for the realm and click Login.
To connect to the LPC cluster for the first time with PuTTY:
Double click on the PuTTY icon in the directory where you unzipped the zip file.
In the PuTTY configuration window:
select Session and enter cmslpc.fnal.gov in the HostName field
select Connection and enter your username in the Auto-login username field
select Connection->SSH->Tunnels and check "Enable X11 forwarding"
select Session and enter LPC in the Saved Sessions field and click Save
double click on LPC in the Saved Sessions list
To connect to the LPC cluster with PuTTY:
Double click the PuTTY icon.
In the PuTTY configuration window:
select Session and double click on LPC in the Saved Sessions list
A version of Filezilla which supports kerberos authentication can be downloaded from SourceForge.net. Use this program to transfer files to and from the LPC cluster. Because the afs authentication does not work correctly, you can only read from your home directory on afs with Filezilla. However, you can read and write from /uscms/home and /uscms_data/d1 with Filezilla.
To connect to the LPC cluster for the first time with Filezilla:
Click Start ->All Programs->HPCMP Kerberos->Filezilla or the Filezilla icon on the desktop.
select Edit->Settings->GSS Support
check "Enable Kerberos GSS support"
add "fnal.gov" to the GSS enabled servers list and click OK
select File->SiteManager
click on new site and enter LPC for the name
enter cmslpc.fnal.gov in the Host: field
select ServerType "SFTP using SSH2"
select Logontype Normal and enter your username in the User: field
click Connect
To connect to the LPC cluster with Filezilla:
Click Start ->All Programs->HPCMP Kerberos->Filezilla or the Filezilla icon on the desktop.
select File->SiteManager
click on LPC and click on Connect
Cygwin/X and Xming are implementations of X11 on the Windows platform. With X11 forwarding enabled in PuTTY and an X server running, programs like Root and emacs can be displayed on the Windows desktop.
To install Cygwin/X follow the download and installation directions from the user's guide.
After installing Cygwin/X copy c:\cygwin\X11R6\bin\startxwin.bat to the desktop. Edit startxwin.bat and remove the line
run xterm -e /usr/bin/bash -l
To start the Xserver double click on startxwin.bat.
Files from your afs home area can be accessed through AFS. The OpenAFS client for Windows allows users to access their files in AFS.
The OpenAFS client for Windows can be downloaded from here.
During the installation enter fnal.gov as the AFS cell. After installation is complete you will be required to reboot to activate the OpenAFS client. After rebooting the OpenAFS client will prompt you to enter your AFS username and password to obtain an AFS ticket. This prompt can be canceled since the AFS ticket can be obtained using aklog.
To get your AFS ticket:
Obtain your Kerberos ticket as described above.
Select Start ->All Programs->HPCMP Kerberos->aklog
To access AFS files:
Select Start ->All Programs->OpenAFS->Authetication or the padlock icon in the system tray.
In the AFS client window select Drive Letters and click on Add.
Enter the path in AFS that you want to access.
Select Start->My Computer and double click on the newly created drive letter.