-
Notifications
You must be signed in to change notification settings - Fork 34
SSH and GSISSH
SAGA Python provides several plug-ins that interface with middleware that doesn't support remote submission, like for example the PBS and SGE queuing systems. In addition to the 'local' mode, e.g.,:
saga.job.Service('pbs://localhost')
most of these plug-ins also provide a 'remote' mode by tunneling calls via SSH or GSISSH, e.g.,:
saga.job.Service('pbs+ssh://my.remote.cluster')
saga.job.Service('pbs+gsissh://my.remote.cluster')
While this functionality can be incredibly useful in many cases, it requires a working SSH (or GSISSH) set-up on both, the submit host (the machine that runs the SAGA application) and the machine that is specified as saga.job.Service
(the machine that executes the jobs).
In order to use plug-ins that allow ssh-tunnelng (xyz_+ssh_://), it is hence necessary to set-up password-less ssh-keychain access to the remote hosts you want to use. Otherwise, you will end-up with error messages like:
bliss.SSHJobPlugin(0x102054320) - ERROR - Couldn't run job because: Private key file is encrypted
or
bliss.PBSJobPlugin(0x10ebdacb0) - ERROR - Couldn't run job because: Permission denied (publickey,hostbased).
Most systems should come with keychain already installed. If not, a simple yum install keychain
(RedHat-based systems), apt-get install keychain
(Debian-based systems) and brew install keychain
(MacOS X via Homebrew) should do the trick.
If you're not familiar with SSH keys and authentication mechanisms at all, please refer to this tutorial for an introduction.
Assuming you have your public/private key-pair stored in $HOME/.ssh/id_rsa
, the following command will ask you for your ssh-key's password and add your key to the ssh-agent for subsequent password-less use:
keychain $HOME/.ssh/id_rsa
* keychain 2.7.1 ~ http://www.funtoo.org
* Found existing ssh-agent: 4175
* Adding 1 ssh key(s): /Users/oweidner/.ssh/id_rsa
Enter passphrase for /Users/oweidner/.ssh/id_rsa:
* ssh-add: Identities added: /Users/oweidner/.ssh/id_rsa
In order to use this identity, you simply source it into your environment:
source ~/.keychain/<your-hostname>-sh