Logging into virtual machines

All the virtual machines created on UNIVBRIS OFELIA have a private IP address (usually in the 10.216.22.0/24 subnet), which means that the virtual machines cannot be accessed from the internet directly. To solve this problem, an SSH gateway has been deployed. This gateway has one network interface on the internet and another on the private UNIVBRIS OFELIA network. An experimenter can therefore go through this SSH gateway to access their virtual machine.

When an experimenter sends the instruction to VTAM to create a virtual machine, it also sends the SSH public keys of all users in the slice. These SSH keys are installed inside the experimenter's virtual machine so that the users can SSH to it. Hence, it is very important that experimenters make sure that their reservation tool sends the SSH public keys according to the GENI API v2 specifications. The SSH public key should be in OpenSSH format, i.e. one key should be described as: ssh-rsa <ssh_public_key_value> <comment_if_wanted> or ssh-dss <ssh_public_key_value> <comment_if_wanted>.

When VTAM receives a request to create a new virtual machine, an entry is made in the LDAP directory of the SSH gateway. This entry contains the slice name as well as the usernames and the SSH public keys of the experimenter(s).

An experimenter usually adds his private SSH key to the SSH agent on his own computer so that he does not need to supply it manually. For example, on Debian/Ubuntu:

ssh-add location-of-private-key

The public IP, port and login (username) of the SSH gateway of UNIVBRIS OFELIA are 137.222.204.15, 22 and fed4fire respectively. Using these connection details, the experimenter can first SSH into the SSH gateway and then SSH into his virtual machine. The experimenter's SSH agent should automatically supply his private SSH key to authenticate to both the SSH gateway and the virtual machine.

On Linux:
To further simplify the login process, an experimenter running Debian/Ubuntu can add a small file (described in the code section) to his computer at the location ~/.ssh/config. Using this file, an experimenter should be able to SSH to his chosen virtual machine with the command:

ssh <private ip of virtual machine>

where the private IP of the virtual machine is obtained by following the last steps in the previous section.
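
A ~/.ssh/config that gives the behaviour described above, as an added example (it is not the testbed's own file, which this page does not reproduce). The gateway address, port and login and the root login are taken from this page; the alias ofelia-gw is hypothetical, and the host pattern assumes the virtual machine is in the usual 10.216.22.0/24 subnet.

```sshconfig
# Added example, not the file distributed by the testbed.

# SSH gateway (address, port and login as given on this page).
# "ofelia-gw" is a hypothetical alias chosen for this example.
Host ofelia-gw
    HostName 137.222.204.15
    Port 22
    User fed4fire
    # The key is offered by the local ssh-agent (see ssh-add above);
    # nothing needs to be forwarded to the gateway.
    ForwardAgent no

# Virtual machines on the private network.
# Assumption: the VM address is inside 10.216.22.0/24.
Host 10.216.22.*
    User root
    # Tunnel the connection through the gateway; this is the OpenSSH
    # counterpart of the plink "-nc %host:%port" proxy command.
    # On OpenSSH 7.3 or later, "ProxyJump ofelia-gw" is equivalent.
    ProxyCommand ssh -W %h:%p ofelia-gw
    ForwardAgent no
```

Both SSH processes run on the experimenter's computer, so the local SSH agent authenticates to the gateway and to the virtual machine without the private key or the agent socket being exposed on the gateway.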

When an experimenter logs in with his SSH private key, he is logged in as root on the virtual machine and can therefore perform administrative tasks directly.

Using PuTTY and Pageant on Windows:
Pageant:

  • right-click on the Pageant icon (a PC with a blue screen and a hat) in the notification bar, click Add Key and select the location of the private SSH key that you used with createsliver.

PuTTY:

  • in the “Session” tab, enter your virtual machine IP in the “Host Name” field.
  • in the “Data” subtab of the “Connection” tab, enter root in the “Auto-login username” field.
  • in the “Proxy” subtab of the “Connection” tab, select local in the “Proxy type” field. In the “Telnet command, or local proxy command” field add: plink.exe fed4fire@137.222.204.15 -agent -nc %host:%port
  • in the “Auth” subtab of the “SSH” subtab of the “Connection” tab, browse to the SSH private key that you used for createsliver.
  • click on the “Open” button at the bottom right of PuTTY to start the connection to your virtual machine. You may be asked to accept an unknown host id.