Each node on the testbed is reachable via SSH. One main difference between DETER and Emulab is that DETER nodes are not accessible directly from the internet. In order to log into your nodes, you must first log into '''users.create.iucc.ac.il''' using your DETER username (not your email address) and password (or your SSH public key). From users you can log into your nodes. To save on connections, you might want to look into using GNU screen on users. Also refer to the Tips and Tricks section below for ways to make accessing DETER easier.

Uploading files to DETER

You can upload files to users.create.iucc.ac.il via SCP or SFTP. Files in your home directory and in your project directory will be made available to you on all of your testbed nodes via NFS.

An Example Session with Windows and Putty

Putty is a free, lightweight SSH client for Windows. Here is an example session in which I connect to my experimental node "node0" in my experiment "jjh-ubuntu1004" in the project "DeterTest".

First we connect to '''users.create.iucc.ac.il''':

We then enter in our just our username and password (the same password as the CREATE web interface). Trying to use your email address or something like jjh@users.create.iucc.ac.il will '''not''' work:

Now we have successfully logged into users.create.iucc.ac.il:

From users, we now ssh into our experimental node, "node0.jjh-ubuntu.detertest":

Tips and Tricks

Listing your nodes from the command line

When logged into users.create.iucc.ac.il, the node_list command will list the names of all your nodes. You can log into your nodes using either the pcXXX name or the full experimental name.

  [jhickey@users ~]$ node_list
  DeterTest/jjh-ubuntu
      node1.jjh-ubuntu.DeterTest / pc118
      node0.jjh-ubuntu.DeterTest / pc054
      node2.jjh-ubuntu.DeterTest / pc167
  DeterTest/jjh-ubuntu1004
      node0.jjh-ubuntu1004.DeterTest / pc026
  [jhickey@users ~]$ 

SSH port forwarding

If you are, for example, running an internal web server on one of your DETER nodes, you can access it via SSH through users. For example to redirect port 80 on pcXXX to your local machine on port 8080 you would do:

    ssh -L 8080:pcXXX:80 username@users.create.iucc.ac.il

Once logged in, you should be able to access the web server on your DETER node by going to http://localhost:8080. For more information on port forwarding with SSH, please refer to the SSH man page.

SSH port forwarding with Putty

To use putty for port forwarding, configure putty to open a connection to users.create.iucc.ac.il

before you make that connection, set up the tunneling parameters. This example forwards local port 12345 to a remode desktop protocol server (port 3389) on a testbed node. select the Tunnels menu from under the SSH choice in the Connection menu on the left hand side. Add a forwarded port using the Local type, a local port number (12345 in the image) and the DETER hostname and port in the Destination field. In the example we are forwarding the connection to port 3389 (the remote desktop protocol) on pc102.

Be sure to press Add to add the port. The putty window will look like this:

Now open that connection. You will see a login prompt, and you should log in to users.

Now you should be able to point your local remote desktop viewer to localhost port 12345 and see the login screen of pc102. If the node is a Windows node, you will see something like this:

Be sure that your local machine does not firewall the local port 12345. Replace pc102 with a node in your experiment and the forwarded port with the port your service uses.

Uploading your SSH key from OS X

The Upload File dialog in Macintosh OS X does not show hidden directories by default. This creates and extra hassle when uploading SSH public keys from an OS X machine.

In the "Upload File" dialog, use the shortcut '''Shift-Command-G''' and type in "~/.ssh" to navigate to the contents of your .ssh directory.

Then you will be presented with the contents of your .ssh directory and will be able to upload your id_rsa.pub file to DETER:

OpenSSH Configuration for Directly Logging into testbed nodes

These configuration tweaks should work for any operating system that runs OpenSSH (Linux, BSD, and OS X typically use OpenSSH as the default SSH client).

It is possible to log directly into testbed nodes with a little SSH configuration tweaking. Adding the following statement to '''~/.ssh/config''' will allow you to skip logging into users in order to access a particular testbed node. Change MyProject to the name of your project.

    Host pc*.create.iucc.ac.il
        ProxyCommand ssh users.create.iucc.ac.il nc %h %p
        StrictHostKeyChecking no

    Host *.MyProject.create.iucc.ac.il
        ProxyCommand ssh users.create.iucc.ac.il nc %h %p
        StrictHostKeyChecking no

With this configuration change and a proper SSH key setup, you will be able to directly log into nodes in your experiment.

You will now be able to log into nodes in your experiment using either the actual node name, e.g. pc025.create.iucc.ac.il, or [host].[experiment].[project].create.iucc.ac.il.

For example:

    jjhs-mac-mini:~ jjh$ ssh node0.jjh-ubuntu1004.DeterTest.create.iucc.ac.il
    Warning: Permanently added 'node0.jjh-ubuntu1004.detertest.create.iucc.ac.il' (RSA) to the list of known hosts.
    Linux node0.jjh-ubuntu1004.detertest.create.iucc.ac.il 2.6.32-25-generic-pae #45-Ubuntu SMP Sat Oct 16 21:01:33 UTC 2010 i686 GNU/Linux
    Ubuntu 10.04.1 LTS

    Welcome to Ubuntu!
     * Documentation:  https://help.ubuntu.com/

      System information as of Wed Nov 10 20:41:19 PST 2010

      System load:  0.0                Processes:           116
      Usage of /:   12.3% of 14.67GB   Users logged in:     0
      Memory usage: 1%                 IP address for eth1: 192.168.1.26
      Swap usage:   0%

      Graph this data and manage this system at https://landscape.canonical.com/

    4 packages can be updated.
    2 updates are security updates.

    Last login: Wed Nov 10 20:13:15 2010 from users.create.iucc.ac.il
    node0:~> 

Accelerating Multiple Connections using OpenSSH Connection Multplexing

You can log in multiple times using the same SSH connection. This dramatically speeds up creating new connections. To enable SSH connection multiplexing, add the following lines to ~/.ssh/config. If you are on a multiuser machine, you may want to store the control socket someplace other than /tmp.

    Host users.create.iucc.ac.il
        ControlMaster auto
        ControlPath /tmp/%r@%h:%p

To verify that it is working, you can use the '''-v''' option:

    jjhs-mac-mini:~ jjh$ ssh -v pc026.create.iucc.ac.il
    OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
    debug1: Reading configuration data /Users/jjh/.ssh/config
    debug1: Applying options for *create.iucc.ac.il
    debug1: Applying options for pc*.create.iucc.ac.il
    debug1: Applying options for *
    debug1: Reading configuration data /etc/ssh_config
    debug1: auto-mux: Trying existing master
    Last login: Wed Nov 10 20:51:43 2010 from users.create.iucc.ac.il
    node0:~> 

If you try to close your master connection while other connections are active, the connection will stay running until the other sessions end.