Automated pC setup
This page describes the method to automate the pC analysis. The first step is to obtain an SSH gateway account (call ITD for help to create a new account). The following webpage provides instructions on using the SSH gateways:
http://www.bnl.gov/itd/unix/ssh/ssh_linux.php
In addition, you will need an account on the blue and yellow pC machines, which are located at IP12.
Setting up an ssh tunnel
To copy new datafiles we need to be able to ssh directly to the DAQ machines. The way to access them directly is to create a tunnel through the PBN SSH Gateway.
Running the ssh tunnel opens local TCP ports that are forwarded to particular TCP ports on machines behind the firewall. Clients can then use these tunnels to access the remote machines at any time while the tunnel is up.
The steps needed to set up such a tunnel are described below.
First add the following records to your ~/.ssh/config file on eic0005 (create the file if it doesn't exist; replace gdwebb with your CAD username).
    # you need this section to set up tunnels
    Host ssh.pbn.bnl.gov
        HostName ssh.pbn.bnl.local
        LocalForward 2200 acnlinf8.pbn.bnl.gov:22
        LocalForward 2201 acnlinf9.pbn.bnl.gov:22
        User gdwebb

    # you need these sections to use tunnels
    Host yellowpc
        HostName localhost
        ForwardX11 yes
        User gdwebb
        Port 2200
        HostKeyAlias alias_yellowpc

    Host bluepc
        HostName localhost
        ForwardX11 yes
        User gdwebb
        Port 2201
        HostKeyAlias alias_bluepc

    # you need this section just as a short alias for eicsrv1
    Host eicsrv1
        HostName eicsrv1.phy.bnl.gov
        ForwardX11 yes
        User cnipol
Setting up a passwordless DAQ machine access
This step requires your public key to be added to the ~/.ssh/authorized_keys file on the remote machines. We assume that your public key is located at ~/.ssh/id_rsa.pub. Use ssh-keygen to generate a new key pair if you need to. To add your key from ~/.ssh/id_rsa.pub to the authorized_keys file on the SSH Gateway, run on eic0005:
cat ~/.ssh/id_rsa.pub | ssh ssh.pbn.bnl.gov "mkdir -p ~/.ssh; chmod 700 ~/.ssh/; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/*"
This will require you to enter your RSA Token password.
Now you should start your ssh tunnel. Refer to the section "Starting tunnel" for instructions, and complete it before running the next command.
With the tunnel established, you can copy your public key to your CAD account with:
cat ~/.ssh/id_rsa.pub | ssh yellowpc "mkdir -p ~/.ssh; chmod 700 ~/.ssh/; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/*"
This will require you to enter your BNL domain account password.
You will also want to put your public key onto the web server:
cat ~/.ssh/id_rsa.pub | ssh eicsrv1 "mkdir -p ~/.ssh; chmod 700 ~/.ssh/; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/*"
Another viable method would be to simply ssh into the machine of interest and append the public key to the authorized_keys file located in the .ssh directory.
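A re-runnable form of the key-install commands above, as an added example that is not part of the original page: it skips the append when the key is already present (the `cat >>` one-liners add a duplicate line on every run) and then checks the resulting permissions. The function names and the scratch-directory demo with a constructed key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# install_pubkey SSH_DIR PUBKEY_FILE
# Same effect as the one-liners above, but safe to re-run: the key is
# appended only when that exact line is not already in authorized_keys.
install_pubkey() {
    ssh_dir=$1
    pubkey=$2
    [ -s "$pubkey" ] || return 2                 # key file missing or empty
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    auth="$ssh_dir/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string, -f patterns read from the key file
    grep -qxFf "$pubkey" "$auth" || cat "$pubkey" >> "$auth"
}

# audit_ssh_dir SSH_DIR
# Returns 0 only if the directory and authorized_keys carry no group/other
# permission bits, i.e. the 700/600 modes the commands above set.
audit_ssh_dir() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; return 1; }
        # characters 5-10 of the ls mode string are the group/other bits
        bits=$(ls -ld "$p" | cut -c5-10)
        [ "$bits" = "------" ] || { echo "too open: $p"; return 1; }
    done
    return 0
}

# Demo on a scratch directory with a constructed (not real) public key.
demo=$(mktemp -d)
echo "ssh-rsa AAAAconstructedkey example@eic0005" > "$demo/id_rsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_rsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_rsa.pub"   # re-run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys")"
audit_ssh_dir "$demo/.ssh" && echo "permissions OK"
rm -rf "$demo"
```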
Starting tunnel
To bring up the tunnel run:
ssh -Nf ssh.pbn.bnl.gov
This tunnel will then stay up until the machine and/or the gateway is shut down or rebooted.