Difference between revisions of "RucioBastion"
(→Introduction) |
(→Setting up for the first time) |
||
| Line 4: | Line 4: | ||
== Setting up for the first time == | == Setting up for the first time == | ||
| − | In order to get access to the Bastion service you must.... | + | In order to get access to the Bastion service you must |
| + | |||
| + | Generate an SSH key pair | ||
| + | |||
| + | The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson] | ||
| + | |||
| + | Once this is set up with your key on the server you can SSH into the server as root via: | ||
| + | ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk | ||
| + | |||
| + | You then need to set up a new user for yourself | ||
| + | |||
| + | Switch user to yourself | ||
| + | |||
| + | Copy your x509 certificate (*.pfx) to the bastion into your home directory | ||
| + | |||
| + | Unpack this certificate package using the following commands | ||
| + | openssl pkcs12 -in <*.pfx> -out newfile.crt.pem -clcerts -nokeys | ||
| + | openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes | ||
| + | |||
| + | Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem | ||
| + | |||
| + | then run openssl | ||
| + | within openssl run the command: | ||
Revision as of 15:59, 7 April 2021
Introduction
- The Rucio bastion server can be found at http://rucio-bastion.gridpp.rl.ac.uk/ you will not be able to access this without a cert / key combination
Setting up for the first time
In order to get access to the Bastion service you must
Generate an SSH key pair
The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson]
Once this is set up with your key on the server you can SSH into the server as root via: ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk
You then need to set up a new user for yourself
Switch user to yourself
Copy your x509 certificate (*.pfx) to the bastion into your home directory
Unpack this certificate package using the following commands openssl pkcs12 -in <*.pfx> -out newfile.crt.pem -clcerts -nokeys openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes
Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem
then run openssl within openssl run the command:
