1 / 10

File Transfers from/to SCD Supercomputers

File Transfers from/to SCD Supercomputers. Siddhartha S Ghosh Consulting Services Group SCD/NCAR. Current Security Policy. Exposed Network. RAS. Semi Exposed Network. token + ssh. Protected Network. ftp, telnet, ssh, rcp/rlogin. Servers. UCAR Exposed Hosts. MSS. VPN.

alamea
Télécharger la présentation

File Transfers from/to SCD Supercomputers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. File Transfers from/to SCD Supercomputers Siddhartha S Ghosh Consulting Services Group SCD/NCAR

  2. Current Security Policy Exposed Network RAS Semi Exposed Network token + ssh Protected Network ftp, telnet, ssh, rcp/rlogin Servers UCAR Exposed Hosts MSS VPN ssh, scp, sftp token + ssh ssh scp sftp roy Offices Servers Data Analysis MSS Supers gatekeeper ssh Super Net

  3. Invoke scp/sftp from Supers to remote Computers Invoke ftp-proxy from Supers to remote Computers Invoke scp from remote Computers to roy.ucar.edu Invoke scp from Supers to salo-s.ucar.edu and a following scp from remote Computers to salo and vise-versa. Stage into MSS and download using ftp/TLS to peewink.ucar.edu Options

  4. Most convenient, may be automated through scripts by Installation of ssh-keys. Secure Ref: http://www.scd.ucar.edu/docs/ibm/scp.html Caveats Remote site must allow incoming ssh Little computational overhead for encryption/decryption Invoke scp/sftp from Supers to remote Computers

  5. Issue ftp roy-s from Supers At the proxy prompt give username@remote-host.remote-domain Follow usual ftp syntax Convenient for anonymous remote ftp access Caveats - Remote site should allow incoming activemode ftp connection - Password for remote account is transmitted in clear - Few reported cases of failures particularly when remote ftp server is behind a firewall Invoke ftp-proxy from Supers to remote Computers

  6. Scp files from remote computers to username@roy.ucar.edu:supercomputer-name Periodically roy transfers those files to username@supercomputer:/ptmp/username/file Some ssh key and other setup is required, Ref: https://www.scd.ucar.edu/docs/access/internal/inbound.html Caveats: - Only works for inbound transfers Invoke scp from remote Computers to roy.ucar.edu

  7. Works when remote site too is hardened Transfer to salo (3rd machine) username@salo.ucar.edu:ptmp Pick it up from salo within 2 hrs. (Refer to the last section of previous reference) Requires account in salo, please email consult1@ucar.edu. Invoke scp from Supers to salo-s.ucar.edu following scp from remote Computers to salo and vice versa.

  8. Convenient, if it needs to be archived in MSS anyway May be used for transferring files in both ways. Ref: http://www.scd.ucar.edu/docs/mss/ftp.html Caveats - Installation of ftp/TLS client is required, (usually straightforward in Linux) - MSS holdings and transfers incur charges. Stage into MSS and download using ftp/TLS to peewink.ucar.edu

  9. This is described in the web page referred to earlier. Create key in your remote computer: ssh-keygen –t rsa press <return> at passphrase prompts Grab the .pub key using mouse type “key roy” when prompted type “key supercomputer-name” e.g. “key bluesky” and type passwd for bluesky when prompted. Once completed you can do: automated file-transfers (method-1) You only need to give One Time Crypto passwd while logging into the supercomputers. Installation of ssh-keys in roy

  10. All the options have little caveats attached Things will change for the better for the users in near future, we have been exploring different options Conclusion Questions ?

More Related