XSEDE now supports a Single Sign On (SSO) login hub,
login.xsede.org, a single point-of-entry to the XSEDE cyberinfrastructure. Upon logging into the hub with your XSEDE User Portal (XUP) username and password, a 12 hour proxy certificate is automatically generated, allowing the user to access XSEDE resources for the duration of the proxy. Users may then
gsissh to any XSEDE compute resource (see Table 1) without the need for a resource-specific username and password.
Users may view a complete listing of their XSEDE resource accounts in the XSEDE User Portal under the MyXSEDE->Accounts menu item. For any and all account related questions and problems, please submit an XSEDE helpdesk ticket.
In the following example session, janeXUPuser has work to do on both Stampede and Gordon. She logs into the SSO hub,
gsissh's to Stampede and works for a while, logs back out, then checks the remaining time left till the credential expires, logs into Gordon, does some work, then logs out of Gordon and then out of the hub. Note that you may use the
grid-proxy-info command on a resource or on the hub.
mylaptop$ ssh janeXUPuser@login.xsede.org janeXUPuser@login.xsede.org's password: ... Welcome to the XSEDE Single Sign-On (SSO) Hub! ... [janeXUPuser@gw69 ~]$ gsissh -p 2222 stampede.tacc.xsede.org ... Welcome to the Stampede Supercomputer login1$ do work on Stampede login1$ exit logout Connection to stampede.tacc.xsede.org closed. [janeXUPuser@gw69 ~]$ grid-proxy-info -timeleft 24156 [janeXUPuser@gw69 ~]$ gsissh gordon.sdsc.xsede.org ... janeXUPuser@gordon-ln1 ~]$ do work on Gordon lindsey@gordon-ln1 ~]$ exit logout Connection to gordon.sdsc.xsede.org closed. [janeXUPuser@gw69 ~]$ exit logout Connection to login.xsede.org closed. mylaptop$
The login hub accepts only standard SSH incoming connections. Use of SSH keys is not allowed as this would interfere with the authentication mechanism.
Users are limited to 100MB of storage on the hub. Data is NOT backed up. Please use your allocated storage resources for data storage. The XSEDE storage resources are not reachable via the SSO hub.
Once the SSO credential expires, the user will no longer be able to
gsissh into any of the XSEDE resources. To generate a new credential, the user must logout of the SSO hub and log back in again. Use the
grid-proxy-info command to extract information from the certificate, such as time (in seconds) till expiration.
|Gordon Compute Cluster|| |
|Gordon ION|| |
|Open Science Grid|| |
GSISSH enables you to set up host aliases in a config file to make it easy to logon to an abbreviated alias rather than using the full XSEDE login host. You can also use this file to define a port number if it is required. For example you can authenticate using:
[janeXUPuser@login ~]$ gsissh stampede
[janeXUPuser@login ~]$ gsissh -p 2222 stampede.tacc.xsede.org
Simply create a "
config" file under your "
~/.ssh" directory on the SSO hub. A sample config file is shown below.
[janeXUPuser@login ~]$ vi ~/.ssh/config
NOTE: Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others.
login1$ chmod 600 ~/.ssh/config
### SSH client Host aliases for XSEDE Host stampede Hostname stampede.tacc.utexas.edu Port 2222 Host gordon Hostname gordon.sdsc.edu
You can choose to protect SSH login attempts to your accounts at certain XSEDE Service Providers that have implemented XSEDE Two Factor Authentication (XSEDE TFA) using your XSEDE portal account username/password as the primary authentication factor and Duo Security Authentication as the secondary authentication factor.
Currently, SSH access for the following XSEDE systems can be protected in this fashion.
- XSEDE SSO (Single SignOn) Hub at login.xsede.org
- NICS Darter SP – duo.darter.nics.xsede.org
You would be able to login to the above systems using your XSEDE portal username and password in conjunction with Duo Authentication.
To enroll in DUO look for the DUO logo shown below in your XSEDE User Profile page:
For more detailed information about DUO visit the DUO user guide.
Last update: February 25, 2016