The RSA One-Time Password is the preferred way to log in to Kraken and Nautilus since it is the most secure and it allows access to the NICS HPSS without further authentication. When this method is unavailable, GSISSH can be used as an alternative. More information on myproxy and grid authentication may be found here.
- The XSEDE User Portal provides a quick way to access Kraken and Nautilus
- Standalone Java Terminals provide a similar method which does not rely on the XSEDE Portal.
- Linux/Mac/Unix users can install their own Globus Client (this may require some effort)
XSEDE Portal
The simplest way to access Kraken and Nautilus is to use the SSH terminal on the XSEDE Portal
- Go to the XSEDE Portal, and log in
- Go to My XSEDE -> Accounts, and connect to Kraken and/or Nautilus
- A Java applet should load, and you should see the prompt
Standalone Java Terminal
For XSEDE Users there is a Java-based terminal that uses MyProxy and GSI-enabled SSH to create a single sign-on session, in which you can open windows to other resources without re-entering a password. You must have Java SDK 1.5 or higher installed to run the application.
- Start the Java client, available here.
- Please follow the on-screen download instructions provided.
Logging in using Globus
Installing Globus Toolkit
Download and build Globus Toolkit
$ wget
"http://www.globus.org/ftppub/gt5/5.0/5.0.2/installers/src/gt5.0.2-all-source-installer.tar.bz2"
$ bunzip2 gt5.0.2-all-source-installer.tar.bz2
$ tar -xf gt5.0.2-all-source-installer.tar
$ cd gt5.0.2-all-source-installer
$ ./configure --prefix=$HOME/myglobus
$ make gsi-myproxy gsi-openssh gridftp
$ make install
Set Environment Variables
$ GLOBUS_LOCATION=$HOME/globus
$ MYPROXY_SERVER=myproxy.teragrid.org
$ MYPROXY_SERVER_PORT=7514
$ export GLOBUS_LOCATION MYPROXY_SERVER MYPROXY_SERVER_PORT
$ source $GLOBUS_LOCATION/etc/globus-user-env.sh
(You may want to save the previous commands in your '.bash_profile' or '.bash_login' file, such that you do need to type them over and over)
Remove old certificates
$ rm $HOME/.globus*
(This is just done once, to make sure you start from scratch)
If you have installed a client with the previous step, or you are coming from a system that already has Globus installed (eg, another XSEDE site), it is easy to use the client. First, get a proxy certificate as described here.
Please note: If the certificates proxies are not already taken care of (eg your computer), you need to use the
-Tflag withmyproxy-logon, which downloads all of the certificates proxies to~/.globus/certificates. If certificates are already taken care of for you (eg any NICS resource), do not use-Tas it will preventgsisshfrom looking in the site-wide location for certificates.
Next, use "gsissh gsissh.resource.nics.xsede.org" to connect to the resource you wish to use. If the resource you are trying to connect to accepts GSI authentication, it will log on. If not, it will probably fall back on another authentication method (prompting for an OTP passcode). At NICS, the GSI nodes (eg gsissh.kraken.nics.xsede.org) accept GSI authentication, other nodes only accept OTP authentication.