# Announcement regarding for replacement of kdesvr1 gateway server #### tags: `admin` The gateway server `kdesvr1.ccs.tsukuba.ac.jp` has been broken at Midnight on Tuesday, October 4th, 2022. The server was replaced with the other server by leo and natsuki. This new server can be accessed from outside of CCS but the other servers under this server cannot be connected to outside of the server cluster.（2022/10/14 reconnect network interface of gateway kdesvr1. 2022/10/18 Finally we could check the connection from internal CCS to outside of CCS.） We can use computational resource in the server cluster, so please use them through the kdesvr1 using **sftp** or **rsync**, and so on. We create the user accounts on the new gateway server. # How to connect to the new gateway server :::info If you are using MS Windows OS(the Win OS), please use WSL or replace `~` with `C:\Users\UserName`. Moreover, if you are using older version than the version 1903 of Win OS, please substitute `ProxyCommand ssh -W %h:%p` with `ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -W %h:%p`. ::: 1. Reset known_hosts - ssh-keygen -R kdesvr1.ccs.tsukuba.ac.jp - ssh-keygen -R 130.158.108.54 - These commands will remove old kdesvr1's finger prints. 2. Update `~/.ssh/config` - Please administrator of hpcsgitlab, which is the internal repository of KDE (Knowledge Data Engineering) lab - If you are not willing to input pass phrase for private key everytime, we can use ssh-agent. Please search `ssh-agent`, too. <!-- writed by ogino.natsuki.tm@alumni.tsukuba.ac.jp Y=2022 M=10 D=18 JST=22:54 As pointed out by Hayase-sensei, "StrictHostKeyChecking no" setting has been removed because it causes a decrease in security. However, if the "Reset known_hosts" procedure is performed in advance, the connection can be established without problems. --> ```clike= # Prevent from auto disconnection of ssh connection ServerAliveInterval 60 # When you use ssh-agent, authorize using registered private key ForwardAgent yes Host kdesvr1 User <user name> # For student IdentityFile ~/.ssh/<private key inside the CCS KDE server cluster> # For fuculties #IdentityFile ~/.ssh/<private key for svr05> HostName kdesvr1.ccs.tsukuba.ac.jp Host hpcs* User <user name in the CCS KDE server cluster> Identity File ~/.ssh/<private key in the CCS KDE server cluster> ProxyCommand ssh -W %h:%p kdesvr1 Host hpcs115 HostName 192.168.0.115 Host hpcs116 HostName 192.168.0.116 Host hpcs117 HostName 192.168.0.117 Port 11722 Host hpcs119 HostName 192.168.0.119 Host hpcs121 HostName 192.168.0.121 Host hpcs122 HostName 192.168.0.122 Host hpcs123 HostName 192.168.0.123 # Only for user of internal GitLab server "hpcsgitlab" Host hpcsgitlab User git IdentityFile ~/.ssh/id_rsa.hpcsgitlab ProxyCommand ssh -W %h:%p kdesvr1 HostName 192.168.0.117 ``` <!-- writed by ogino.natsuki.tm@alumni.tsukuba.ac.jp Y=2022 M=10 D=18 JST=22:56 diff: `chmod 700 -R ~/.ssh` -> `chmod -R 700 ~/.ssh` I made the above change because MacOS behaves differently depending on the position of the options. --> 3. Change permission of the files - `chmod -R 700 ~/.ssh` - `chmod 600 ~/.ssh/<private key name>` 4. Login to the kdesvr1 - `ssh kdesvr1` - Please confirm the setting of identity file(path of private key). Password login is prohibitted in kdesvr1. <!-- writed by ogino.natsuki.tm@alumni.tsukuba.ac.jp Y=2022 M=10 D=18 JST=23:00 The current configuration is such that user impersonation is not possible. The password cannot be changed even if a user enters an empty password using the passwd command; it can only be overwritten by someone with root privileges by executing "sudo passwd ${username}". 5. **Important: set password for user account** - `passwd` - Input this command just after the first login to the kdesvr1 - If you are asked to change password for user, please set new password for user - The password should be over 8 characters including large characters, small characters and numbers and symbol characters. - If you do not change your password of user, any other registered user of kdesvr1 can use your account by next command - `su <your user account name>` --> 5. Check if you can login to the CCS KDE server cluster - `ssh hpcsXXX` - XXX is the ID number of the server you are using # For administrator of CCS internal server Please set gateway and DNS for network interface connection. - gateway: 130.158.108.54 - dns: 130.158.108.3, 130.158.108.2 nmcli and nmtui is very useful. At first please confirm the setting by nmtui. Please update gateway and dns information. ``` sudo nmtui ``` Next, please update gateway and dns setting by nmcli. ``` nmcli d # Network interface device and connection name list can be shown. ip addr show enp1s0f0(connection name) # Is IP address available? The subnetmask is 255.255.255.0, or ２４. ip link show enp1s0f0 # Is it UP？ Otherwise, cable is disconnected to the connector. nmcli n # connected nmcli n c # full sudo nmcli con edit enp1s0f0(connection name) print ipv4 remove ipv4.gateway set ipv4.gateway 130.158.108.54 set ipv4.dns 130.158.108.3, 130.158.108.2 save quit ``` After setting the network configuration, please restart NetworkManager. ``` sudo systemctl restart NetworkManager sudo systemctl restart network # (or networking) sudo systemctl restart systemd-networkd ``` If you wait a moment, you can connect to the outside of the CCS network from internal servers. Thank you for reading. EOF(End of File)