NCSA Home
Contact Us Intranet

Single Sign On: Using the Java GSI-SSHTerm
User Information Home
Data
Security
Allocations
Consulting
Training

NCSA's Help Desk is available 24 hours a day, seven days a week, 365 days a year:
help.ncsa.illinois.edu
217-244-0710
help@ncsa.illinois.edu

  1. Introduction
  2. Prerequisite
  3. Installation
  4. Connecting to XSEDE Systems
  5. SFTP session
  6. Proxy Details
  7. Advance Configuration
  8. FAQs

1. Introduction

With the diverse set of high-performance resources available at NCSA and across XSEDE, it has become common for users to have accounts on multiple HPC systems.  When using a standard SSH utility, users have to remember login and password pairs for each system, and also, unless they are using SSH keys, may have to type in a password every time they connect to a system.

Here we provide a solution via a Java SSH client that allows you to:

  • Connect to remote machines at NCSA and across XSEDE
  • Transfer files between NCSA/XSEDE machines and your local desktop
only requiring you to authenticate once for some period of time (by default the duration is 12 hours, but this can be customized [see the FAQ for information]).

This Java client is a modified version of the Java GSI-SSHTerm Application created by UK's National Grid Service (NGS) that has been customized for XSEDE using GSISSH and MyProxy functionality. You have two choices: a Java Web Start version that installs on your desktop and an applet version that runs inside your browser.

In summary, the benefits are:
  • Easy to install and use
  • Works on all platforms (modulo a Java version prerequisite)
  • Need only to remember a single password for connecting to multiple systems at NCSA and across XSEDE
  • Need only to authenticate once and connect to multiple systems seamlessly
  • Choice of application to install locally or applet within a browser
  • Facilitates the use of Grid software and tools such as uberftp, MPICH-G2, etc. on the NCSA/XSEDE systems.

2. Prerequisite

Java JRE 5.0 with Update 10 or better is required.

Platform Notes Download
Microsoft Windows Windows OSes do not have Java installed by default Java JRE Download from Sun
Unix/Linux While some Unix/Linux distributions come with a default version of Java (Example: GNU Java 'gcj'), the information on this page is based on GSI-SSHTerm running using Sun Java JDK 5.0 (or better).
Mac OS X Version 10.4 is required. Special Java Download for Mac OS X from Apple.

Manual Registration of Java JRE Plugin for Mozilla, Netscape, Firefox, Opera

The following instructions apply to the manual registration of the Java JRE plugin for Mozilla, Netscape, Firefox, and Opera browsers.

Note: We have noticed that Internet Explorer and Firefox on MS Windows machines seem to require no configuration after a Java Runtime Environment(JRE) installation. For users who are using other browsers such as Mozilla/Seamonkey, Firefox (on Linux), Opera, etc. (regardless of the OS), if you are having trouble launching the local application installation or running the applet, additional configuration may be required.

  • Windows (Not applicable for Firefox)
    1. Go to the Edit menu and select Preferences at the bottom of the list.
    2. Under Navigation, select Helper Applications.
    3. Click New Type.
    4. Fill in the following fields: 
            MIME Type: application/x-java-jnlp-file
    Description: JNLP(Java Network Launching Protocol) File
      Extension: jnlp
    5. Select the Open it using the default application radio button.
    6. Click OK.
    Alternatively, try the Windows Java enable instructions.

  • Unix\Linux

If you are still having trouble with your web browser's Java capabilities, please visit that browser's web page for information on enabling Java within your browser.

3. Installation

The GSI-SSHTerm software is by default set to retrieve your grid credentials from the XSEDE MyProxy Server, which requires you to use your XSEDE User Portal username and password. However, only the standalone GSI-SSHTerm application allows you to alternatively retrieve your grid credentials from the NCSA MyProxy Server * using your NCSA kerberos username and password.

Description

Users can authenticate to the MyProxy Server of their choice. *

NCSA MyProxy Server (myproxy.ncsa.uiuc.edu)

XSEDE MyProxy Server (myproxy.xsede.org)

Local Installation
A one stop point and click installation that installs GSI-SSHTerm Java application on your local machine, with just one click of the mouse.

Application*

Web Page Java Applet
Runs GSI-SSHTerm as a Java applet in your web browser. Only a few configuration files are stored locally on your machine.

Applet

4. Connecting to XSEDE Systems

Step 1. Security

When launching GSI-SSHTerm you are first prompted with two security questions. Essentially you are being asked if you trust the providers of this software.

Checking the Always trust this content from this publisher. box will prevent these boxes from popping up the next time that you launch GSI-SSHTerm.

After GSI-SSHTerm starts, follow the steps below to connect to a XSEDE Site.



Step 2.
New Connection

From the menu item select File => New Connection or press keys ALT+N

Additionally, the first icon button on the icon bar can be used to create a new connection.

Step 3.
Specify a Host

You will be prompted to enter the NCSA/XSEDE host to which you want to connect.
For example: in the
Host to Connect to box enter: login-forge.ncsa.xsede.org

You can get the hostnames of the machines from the XSEDE Hardware Resources page. You will need to chose a resource that you have an account on.

Click the Ok button.
Step 4. Authentication

Option 1: Using a MyProxy Server

Note: If you have previously installed grid client software on your local machine, please see directions for Using Your User Certificate below in this section.

By default, GSI-SSHterm will present the option to use a myproxy server to generate your proxy given that you have not previously installed other grid client software that generates proxies using your X.509 Certificate (i.e. you do not have a user certificate installed in your "home directory/.globus" directory).

You will be prompted for the following:

Account Name: <LoginID>   -   *You may have to change this field to match your MyProxy username.
  Passphrase: .... <your NCSA Kerberos Password>

Click the Use MyProxy button.





Option 2: Using Your User Certificate

If you have previously installed and have been using other grid client software packages to do grid computing from your local machine to the various XSEDE sites, then you may already have a way to generate a proxy using your X.509 Certificate.

Even though setting up your grid user certificate is not required, the default behavior of GSI-SSHTerm is to use the user certificate file pair (usercert.pem and userkey.pem) if it is installed/located in your "home directory/.globus" directory to generate your proxy.
Windows <home directory\.globus>
%USERPROFILE%\.globus
(Ex. C:\Documents and Settings\jdoe\.globus)

Linux/Unix <home directory/.globus>
$HOME/.globus
(Ex. /home/jdoe/.globus)

In which case, you will be prompted for the following:
Grid Certifcate Passphrase: .... <User Certificate Password>

Click the Ok button. Otherwise, click the Use Another Method button to get a proxy through a MyProxy server.
This authentication step (#4) is only required once, for the life of your grid credential (SSO).
Step 5.
Additional Connections

For additional connections to the same system, click Tools => Terminal Session or click the "Open a terminal session" icon Terminal Session -- Click to enlarge image button on the icon bar.

For connections to other systems, first select File => New Window or press keys ALT+W, to create a new window or click the "Create new window" icon New Window -- Click to enlarge image button on the icon bar, and then follow the instructions in Step 2 to create a new connection.

Please see the Frequently Asked Questions page if you encounter problems.


5. SFTP Session

Step 1. Starting the SFTP Session

You can begin a SFTP session with GSI-SSHTerm after you have connected to a resource. To start an SFTP session from the menu bar select Tools ==> SFTP Session, or you can click the "SFTP Session" icon button on the icon bar.

Once your SFTP session starts, you should see a window that resembles the image below.

 

Step 2. File Transfer

Uploading Files

To upload files from your local machine to the remote machine, on the menu bar select File => Upload Files or press keys CTRL+V.

Additionally, the "Upload Files" icon button on the icon bar can be used to add files to the remote filesystem.

When the Select files to upload window opens, select (hi-lite) your files and then click the Upload button.

Note: [Windows & Mac OS X Clients Only] Drag and drop functionality works from your explorer/finder window to the SFTP session window.

Downloading Files

To download files from the remote machine to your local machine, on the menu bar select File => Download or press keys CTRL+C after highlighting the files, directories, etc. in the GSI-SSHterm SFTP window.

Additionally, the "Download" icon button on the icon bar can be used to download files from the remote filesystem.

When your Select destination location window opens, choose the location on your local machine where you would like to place your downloaded files and click the Copy button.

6. Proxy Details

To get information on your locally stored proxy you can use the hot keys Alt + I or select the Proxy Info option from the Proxy menu in the menu bar.

To destroy your locally stored proxy you can use the hot keys Alt + D or select the Destroy Proxy option from the Proxy menu in the menu bar.

         


7. Advanced Configuration

Users can configure which MyProxy server to use by editing the file "GSI-SSHTerm.properties". To use the XSEDE MyProxy server, update the following line:

TeraGrid: sshterm.myproxy.defaults.hostname=myproxy.teragrid.org
    NCSA: sshterm.myproxy.defaults.hostname=myproxy.ncsa.uiuc.edu

Windows file location
C:\documents and settings\<user name>\.sshterm\GSI-SSHTerm.properties

Linux/Unix file location
$HOME/.sshterm/GSI-SSHTerm.properties

Uninstalling GSI-SSHterm

  1. Start your "Java Application Cache Viewer" by typing the command "javaws" at your command prompt.

  2. Select the GSI-SSHTerm application(s) and the JCE JDK 1.3 library.


  3. Click the Remove Selected Entries button.

  4. Remove config files and directories:
      * Remove your .globus\certificates directory
       * Remove your .sshterm directory
       * Remove your x509up_* file
     
    
   Windows Locations
   %USERPROFILE%\.globus\certificates
   %USERPROFILE%\.sshterm
   %USERPROFILE%\Local Settings\Temp\x509up_*

   Unix/Linux Locations
   ~/.globus/certificates
   ~/.sshterm
   /tmp/x509up_*

8. FAQs

Please check the Frequently Asked Questions page for solutions to common issues.


University of Illinois home page NCSA Home | About NCSA | NCSA Projects | Blue Waters | NCSA News | NCSA User Info
Contact NCSA | NCSA Intranet | Site Map
Contact consult with questions regarding this page. Last updated May 2, 2012.
All rights reserved. ©2013 Board of Trustees of the University of Illinois.