Single Sign On (SSO) Login Hub

XSEDE now supports a Single Sign On (SSO) login hub, login.xsede.org, a single point of entry to the XSEDE cyberinfrastructure. When you log into the hub with your XSEDE User Portal (XUP) username and password, a 12-hour proxy certificate is automatically generated, allowing you to access XSEDE resources for the duration of the proxy. Users may then gsissh to any XSEDE compute resource (see Table 1) without the need for a resource-specific username and password.

Users may view a complete listing of their XSEDE resource accounts in the XSEDE User Portal under the MyXSEDE->Accounts menu item.

Use the grid-proxy-info command to extract information from the certificate, such as the time (in seconds) remaining until expiration.

In the following example session, janeXUPuser has work to do on both Stampede and Gordon. She logs into the SSO hub, gsissh's to Stampede, works for a while, and logs back out. She then checks the time remaining until the credential expires, logs into Gordon, does some work, and logs out of Gordon and then out of the hub. Note that you may use the grid-proxy-info command on a resource or on the hub.

mylaptop$ ssh janeXUPuser@login.xsede.org
janeXUPuser@login.xsede.org's password: 
...
Welcome to the XSEDE Single Sign-On (SSO) Hub!
...
[janeXUPuser@gw69 ~]$ gsissh -p 2222 stampede.tacc.xsede.org
...
Welcome to the Stampede Supercomputer
login1$ do work on Stampede
login1$ exit
logout
Connection to stampede.tacc.xsede.org closed.
[janeXUPuser@gw69 ~]$ grid-proxy-info -timeleft
24156
[janeXUPuser@gw69 ~]$ gsissh gordon.sdsc.xsede.org
...
[janeXUPuser@gordon-ln1 ~]$ do work on Gordon
[janeXUPuser@gordon-ln1 ~]$ exit
logout
Connection to gordon.sdsc.xsede.org closed.
[janeXUPuser@gw69 ~]$ exit
logout
Connection to login.xsede.org closed.
mylaptop$ 

The login hub accepts only standard SSH incoming connections. Use of SSH keys is not allowed as this would interfere with the authentication mechanism.

Users are limited to 100MB of storage on the hub. Data is NOT backed up. Please use your allocated storage resources for data storage. The XSEDE storage resources are not reachable via the SSO hub.

Once the SSO credential expires, the user will no longer be able to gsissh into any of the XSEDE resources. To generate a new credential, the user must log out of the SSO hub and log back in again.
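
An added example (not part of the original XSEDE page, and not XSEDE code): a small wrapper for the hub shell that reads grid-proxy-info -timeleft before calling gsissh and refuses to start a session when the proxy is missing, expired or about to expire. The 30-minute threshold, the function names and the MIN_LEFT, PROXY_INFO and GSISSH variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not XSEDE code. Names and the threshold below are assumptions.
: "${MIN_LEFT:=1800}"               # assumed policy: need at least 30 min of proxy
: "${PROXY_INFO:=grid-proxy-info}"  # overridable so the logic can be tested off-hub
: "${GSISSH:=gsissh}"

# fmt_left SECONDS: print a number of seconds as "Hh Mm Ss"
fmt_left() {
    printf '%dh %dm %ds' $(( $1 / 3600 )) $(( $1 % 3600 / 60 )) $(( $1 % 60 ))
}

# proxy_state SECONDS: classify the output of grid-proxy-info -timeleft
proxy_state() {
    case "$1" in
        0|-[0-9]*)   echo expired ;;
        ''|*[!0-9]*) echo unknown ;;   # no proxy, or output that is not a number
        *) if [ "$1" -lt "$MIN_LEFT" ]; then echo low; else echo ok; fi ;;
    esac
}

# gsissh_checked ARGS...: run gsissh only if the proxy has enough lifetime left
gsissh_checked() {
    left=$($PROXY_INFO -timeleft 2>/dev/null) || left=
    case "$(proxy_state "$left")" in
        ok)
            echo "proxy valid for $(fmt_left "$left")" >&2
            $GSISSH "$@" ;;
        low)
            echo "only $(fmt_left "$left") left: log out of the SSO hub and back in" >&2
            return 2 ;;
        *)
            echo "no usable proxy: log out of the SSO hub and log back in" >&2
            return 1 ;;
    esac
}
```

Sourced into the hub shell, gsissh_checked -p 2222 stampede.tacc.xsede.org takes the same arguments as the gsissh call in the session above.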

Table 1. XSEDE gsissh Compute Resource Login Commands

XSEDE Resource           Login command
Blacklight               gsissh blacklight.psc.xsede.org
Gordon Compute Cluster   gsissh gordon.sdsc.xsede.org
Gordon ION               gsissh gordon.sdsc.xsede.org
Keeneland                gsissh gsissh.keeneland.gatech.xsede.org
Kraken                   gsissh kraken-gsi.nics.xsede.org
Lonestar                 gsissh lonestar.tacc.xsede.org
Mason                    gsissh mason.iu.xsede.org
Maverick                 gsissh -p 2222 maverick.tacc.xsede.org
Open Science Grid        gsissh osg-xsede.grid.iu.edu
Stampede                 gsissh -p 2222 stampede.tacc.xsede.org
Trestles                 gsissh trestles.sdsc.xsede.org

Using a Host Alias File

GSISSH lets you set up host aliases in a config file, so that you can log on using an abbreviated alias rather than the full XSEDE login host name. You can also use this file to define a port number if one is required. For example, you can authenticate using:

[janeXUPuser@login ~]$ gsissh blacklight

instead of

[janeXUPuser@login ~]$ gsissh blacklight.psc.xsede.org

Simply create a "config" file under your "~/.ssh" directory on the SSO hub. A sample config file is shown below.

[janeXUPuser@login ~]$ vi ~/.ssh/config

Sample SSH configuration file

### SSH client Host aliases for XSEDE

Host kraken
    Hostname gsissh.kraken.nics.xsede.org
Host nautilus
    Hostname gsissh.nautilus.nics.xsede.org
Host blacklight
    Hostname tg-login1.blacklight.psc.teragrid.org
Host lonestar
    Hostname lonestar.tacc.utexas.edu
Host longhorn
    Hostname longhorn.tacc.utexas.edu
Host stampede
    Hostname stampede.tacc.utexas.edu
    Port 2222
Host trestles
    Hostname trestles.sdsc.edu
Host gordon
    Hostname gordon.sdsc.edu

Last update: March 23, 2014