LRZ Grid Portal: Using Gsissh for Secure Access to LRZ HPC Systems

Using Gsissh for Secure Access to LRZ HPC Systems

Gsissh is a component of the Globus Toolkit (GT) which provides the functionality of ssh (Secure Shell) as well as additional functionalities, but is based on a different security concept. Instead of using, like SSH, a pair of (RSA or DSA) public and private keys, which reside on the remote and local machine, respectively, the security mechanism supported by all GT components (Grid Security Infrastructure, GSI) is employed. It is based on X.509 certificates, which are used by all Grid services, regardless of middleware, be it Globus, UNICORE, or gLite.

Beside providing terminal access to a remote machine the way ssh does, using gsissh offers practical advantages like

a single sign-on environment (no password required to access other machines),
your entrance into the world of Grid computing,
easy access to a number of additional functionalities, including secure file transfer and remote visualization.

There are two versions of gsissh:

A command line based version, called gsissh, which comes with the Globus Toolkit. Packages for various Linux distributions are provided by IGE. For more information please check the IGE documentation here: IGE Downloads. The packages containing the gsissh tools are covered in this page IGE Component Installation Guide.
A Java based version, called gsissh-Term, which runs on Mac, Linux, and Windows systems.

Of the two, Gsissh-Term is easier to use and well suited for beginners in the Grid area. The command line based version is more flexible and caters to the savvy computer user. Both can be used to access LRZ systems.

Practical Guide to Gsissh Usage

The first step is to obtain a personal Grid certificate. These certificates are free of charge and LRZ provides them. The procedure for obtaining Grid certificates for Grid users in the Munich area is available in English and German.
For more details on handling the certificates, see sections Setting up Grid Certificates and Some Tips on the Gsissh-Term page of the Grid Portal of LRZ . Please refer to the same page for screenshots showing the invocation of gsissh-Term.
Next you have to be authorized to actually use an LRZ computer; in other words: your certificate has to be linked to your LRZ UNIX machine account. This is done by sending an email to grid-support@lrz.de, stating the distinguished name (DN) of your certificate, your LRZ user account, and which target system (HLRB2, Linux cluster, etc.) you want to use.

The last step is to start Gsissh-Term.

If you face any problems, please contact grid-support@lrz.de.