Size: 3188
Comment: Add ssh access
|
← Revision 8 as of 2025-01-22 21:55:04 ⇥
Size: 2123
Comment: Remove stuff about user private groups, as that is no longer a thing on our VM
|
Line 1: | Line 1: |
<<TableOfContents>> |
|
Line 2: | Line 4: |
==== Web Page Access ==== Many of Babase's web pages are available to the public without restriction. However, those pages which access database content or allow data to be changed are restricted to those with [[https://oit.duke.edu/email-accounts/netid/|Duke NetIDs]]. Before accessing these restricted pages, your Duke NetID and its password must be provided. On a future date, a [[https://idms-mfa.oit.duke.edu/mfa/help|second authentication check]] (a.k.a. multi-factor or two-step authentication) may also be required. |
|
Line 3: | Line 7: |
Note that the systems described on this page are in the process of being implemented. Implementation is expected to be complete by 2017. ==== Web Page Access ==== Many of Babase's web pages are available to the public without restriction. However, those pages which access database content or allow data to be changed are restricted to those with [[https://oit.duke.edu/email-accounts/netid/|Duke NetIDs]]. Before accessing restricted pages your Duke NetID, it's password, and a [[https://idms-mfa.oit.duke.edu/mfa/help|second authentication check]] must be performed. If you do not have a Duke NetID contact the Lab for sponsorship. [[https://idms-mfa.oit.duke.edu/|Setup your own]] 2nd level of authentication. (Called multi-factor or two-step authentication.) The first step is to login using your Duke NetID. |
If you do not have a Duke NetID, contact the lab for sponsorship. |
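Review bot: the rewritten Web Page Access paragraph now says a second authentication check "may also be required" on a future date, while the paragraph it replaces said the NetID, its password and a second authentication check "must be performed" and linked to "Setup your own" second factor. If multi-factor authentication is already enforced on the restricted pages, the new wording understates the requirement and users lose the pointer to enroll. Please confirm the current state and either keep the setup link or state when the requirement takes effect.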
Line 25: | Line 12: |
For most people the Babase web interface (phpPgAdmin) is all that's needed. More advanced users, particularly the data managers, require access to the Unix command prompt using SSH. | |
Line 26: | Line 14: |
For most people the Babase web interface is all that's needed. More advanced users, particularly the data managers, have access to the Unix command prompt using SSH. |
By default, SSH access is not available to everyone. You must explicitly be granted permission by the Duke data manager before you can SSH into the VM. |
Line 30: | Line 16: |
==== The Duke VPN ==== | ===== Be on Duke's network ===== To use SSH you must first be connected to Duke's network. Ways to do this: |
Line 32: | Line 19: |
To use ssh you must first sign in to the Duke VPN. Most will use the Duke-supplied VPN software but FOSS users may wish to use the Open Source [[http://www.infradead.org/openconnect/|openconnect]] program instead. |
* Be physically present at Duke * Set up the [[DukeVPN|Duke VPN]] |
Line 35: | Line 22: |
===== Basic openconnect usage ===== | ===== SSH-ing in ===== (This will only work if you are on the Duke network) |
Line 37: | Line 25: |
The '''openconnect''' command must be run as root. | From a Unix or Unix-like terminal (In macOS, use "Terminal". In Windows, you'll need to get some 3rd party software, but [[https://www.putty.org/|PuTTY]] is common), enter: |
Line 39: | Line 27: |
The usual command for this is: | {{{ ssh MYDUKENETID@papio.biology.duke.edu }}} and hit enter. You will be asked for your NetID's password; when entering it, the cursor on the screen will not move, but rest assured that it is still accepting input. Hit enter to send the password, and you're in. |
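Review bot: the "SSH-ing in" steps go straight from entering "ssh MYDUKENETID@papio.biology.duke.edu" to the password prompt and "you're in", with no mention of the host key prompt that a first connection shows. Suggest adding a sentence saying where users can find the expected host key fingerprint for the VM and that they should compare it before accepting, so the NetID password is not typed into an unverified host.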
Line 41: | Line 32: |
openconnect -u ''YourDukeNetID'' --authgroup '-Default-' https://vpn.duke.edu/ Supplying your NetID and the authgroup saves you a bit of typing later. You will be prompted for a password. This is your Duke NetID password. The Duke VPN uses TCP port 443 at the Duke end. It also typically uses UDP port 443. Your firewall will need to be configured to allow outbound traffic to these ports. TCP 443 is used for https connections and will typically already be open. The alternative to opening UDP port 443 is to use the '''--no-dtls''' argument. This will also work if Duke changes their configuration to use port different from UDP 443. ===== Advanced openconnect usage ===== The problem with the above command, and the regular Duke VPN software, is that it changes both the routing and the DNS server used by your box. This can cause problems, from not being able to connect to non-web-based email servers to problems accessing local LAN services like X clients or printers. Fortunately there is a solution that sets up what amounts to a local virtual machine, though which you then connect to the Duke side of things. This is established using the '''vpnc-script-sshd''' helper script as follows (note the \ line continuation character): openconnect -u ''YourDukeNetID'' --script=/usr/share/vpnc-scripts/vpnc-script-sshd \ --authgroup '-Default-' https://vpn.duke.edu/ The path to the '''vpnc-script-sshd''' script may vary on your system. The above is for Debian based systems. The next step is to use the new virtual machine. (Really, this is a new network namespace on your local box.) |
==== Transferring files to/from the VM with SCP ==== If you find a need to move files between your local computer and the VM, ideally you'd use [[https://en.wikipedia.org/wiki/Secure_copy|SCP]]. Feel free to Google up an SCP tutorial of your choice, if you aren't already familiar with it. |
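Review bot: the new SCP section gives no command and defers to "Google up an SCP tutorial", while the SSH section above it shows the exact line to type. Suggest adding one example in the same form (for instance "scp myfile MYDUKENETID@papio.biology.duke.edu:") and stating that SCP runs over the same SSH access, so the Duke network requirement and the data manager's permission apply to it as well.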
Accessing Duke's Systems and Logging In
Web Page Access
Many of Babase's web pages are available to the public without restriction. However, those pages which access database content or allow data to be changed are restricted to those with Duke NetIDs. Before accessing these restricted pages, your Duke NetID and its password must be provided. On a future date, a second authentication check (a.k.a. multi-factor or two-step authentication) may also be required.
If you do not have a Duke NetID, contact the lab for sponsorship.
Be sure to have cookies turned on for all of the above.
Access to the Unix prompt with SSH
For most people the Babase web interface (phpPgAdmin) is all that's needed. More advanced users, particularly the data managers, require access to the Unix command prompt using SSH.
By default, SSH access is not available to everyone. You must explicitly be granted permission by the Duke data manager before you can SSH into the VM.
Be on Duke's network
To use SSH you must first be connected to Duke's network. Ways to do this:
- Be physically present at Duke
- Set up the Duke VPN
SSH-ing in
(This will only work if you are on the Duke network)
From a Unix or Unix-like terminal (on macOS, use "Terminal"; on Windows you'll need third-party software, for which PuTTY is a common choice), enter:
ssh MYDUKENETID@papio.biology.duke.edu
and hit enter. You will be asked for your NetID's password; when entering it, the cursor on the screen will not move, but rest assured that it is still accepting input. Hit enter to send the password, and you're in.
Transferring files to/from the VM with SCP
If you find a need to move files between your local computer and the VM, ideally you'd use SCP. Feel free to Google up an SCP tutorial of your choice, if you aren't already familiar with it.