Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

documented SSH authentication details

  • Loading branch information...
commit 8a81fce275babcdb30cc9b4e87b02d0d573e7899 1 parent 4a8b31a
@lirazsiri lirazsiri authored
Showing with 195 additions and 0 deletions.
  1. +64 −0 docs/cloudtask.html
  2. +73 −0 docs/cloudtask.man
  3. +58 −0 docs/cloudtask.txt
View
64 docs/cloudtask.html
@@ -446,6 +446,16 @@ <h2 class="subtitle" id="parallel-batch-execution-with-auto-launched-cloud-serve
<tr><td class="option-group">
<kbd><span class="option">--force</span></kbd></td>
<td>Don't ask for confirmation</td></tr>
+</tbody>
+</table>
+<dl class="docutils">
+<dt>--ssh-identity=</dt>
+<dd>SSH identity keyfile to use (defaults to ~/.ssh/identity)</dd>
+</dl>
+<table class="docutils option-list" frame="void" rules="none">
+<col class="option" />
+<col class="description" />
+<tbody valign="top">
<tr><td class="option-group" colspan="2">
<kbd><span class="option">--hub-apikey=<var>APIKEY</var></span></kbd></td>
</tr>
@@ -809,6 +819,60 @@ <h2 class="subtitle" id="parallel-batch-execution-with-auto-launched-cloud-serve
</pre>
</div>
</div>
+<div class="section" id="ssh-authentication">
+<h1>SSH AUTHENTICATION</h1>
+<p>Cloudtask uses SSH to log into remote workers, transfer files and
+execute commands. You can't SSH into a remote worker unless
+authentication has been properly set up. The local ssh client must be
+capable of authenticating to the remote worker with its ssh identity.
+Password authentication is not supported. Your ssh identity must be
+added to the remote worker's authorized keys list.</p>
+<p>The easiest and most reliable way to do this is to:</p>
+<ol class="arabic">
+<li><p class="first">Generate an SSH keypair:</p>
+<pre class="literal-block">
+$ ssh-keygen -f cloudtask-keypair -N ''
+Generating public/private rsa key pair.
+Your identification has been saved in cloudtask-keypair.
+Your public key has been saved in cloudtask-keypair.pub.
+The key fingerprint is:
+c5:88:16:8e:78:a9:b9:b9:c1:c3:5d:87:e5:03:8d:3c liraz&#64;backstage
+The key's randomart image is:
++--[ RSA 2048]----+
+| . |
+| . = = o |
+| . + E + o |
+| + . * . |
+| o o S |
+| o + . . . |
+| B . |
+| + |
+| . |
++-----------------+
+</pre>
+</li>
+<li><p class="first">Log into your Hub account, go to the User Profile page and cut and
+paste the contents of cloudtask-keypair.pub to the Authorized Keys
+textbox. This ensures that cloudtask-keypair will be added to the
+list of authorized keys on newly launched instances.</p>
+</li>
+</ol>
+<p>If you are running Cloudtask on a remote machine and don't want to leave
+your authorized key on it, there is a somewhat safer, though less
+reliable alternative. You can keep your authorized key on your local
+machine and forward your SSH agent to the remote machine running
+Cloudtask:</p>
+<pre class="literal-block">
+ssh -A my-cloudtask-controller
+</pre>
+<p>Then when you run Cloudtask, as soon as it launches a new instance it
+will use your forwarded identity to add a temporary identity to the list
+of authorized keys on the newly launched remote instance. This will
+allow Cloudtask to continue to access the worker even if you log out and
+cut off access to the forwarded SSH agent.</p>
+<p>You'll need to make sure you stay logged on with the forwarded SSH agent
+until the last worker launches and authorizes the temporary identity.</p>
+</div>
<div class="section" id="how-it-works">
<h1>HOW IT WORKS</h1>
<p>When the user executes a task, the following steps are performed:</p>
View
73 docs/cloudtask.man
@@ -157,6 +157,14 @@ previous session
.B \-\-force
.
Don\(aqt ask for confirmation
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-\-ssh\-identity=
+.
+SSH identity keyfile to use (defaults to ~/.ssh/identity)
+.UNINDENT
+.INDENT 0.0
.TP
.BI \-\-hub\-apikey\fB= APIKEY
.
@@ -601,6 +609,71 @@ EOF
chmod +x helloworld
.ft P
.fi
+.SH SSH AUTHENTICATION
+.sp
+Cloudtask uses SSH to log into remote workers, transfer files and
+execute commands. You can\(aqt SSH into a remote worker unless
+authentication has been properly set up. The local ssh client must be
+capable of authenticating to the remote worker with its ssh identity.
+Password authentication is not supported. Your ssh identity must be
+added to the remote worker\(aqs authorized keys list.
+.sp
+The easiest and most reliable way to do this is to:
+.INDENT 0.0
+.IP 1. 3
+.
+Generate an SSH keypair:
+.sp
+.nf
+.ft C
+$ ssh\-keygen \-f cloudtask\-keypair \-N \(aq\(aq
+Generating public/private rsa key pair.
+Your identification has been saved in cloudtask\-keypair.
+Your public key has been saved in cloudtask\-keypair.pub.
+The key fingerprint is:
+c5:88:16:8e:78:a9:b9:b9:c1:c3:5d:87:e5:03:8d:3c liraz@backstage
+The key\(aqs randomart image is:
++\-\-[ RSA 2048]\-\-\-\-+
+| . |
+| . = = o |
+| . + E + o |
+| + . * . |
+| o o S |
+| o + . . . |
+| B . |
+| + |
+| . |
++\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
+.ft P
+.fi
+.IP 2. 3
+.
+Log into your Hub account, go to the User Profile page and cut and
+paste the contents of cloudtask\-keypair.pub to the Authorized Keys
+textbox. This ensures that cloudtask\-keypair will be added to the
+list of authorized keys on newly launched instances.
+.UNINDENT
+.sp
+If you are running Cloudtask on a remote machine and don\(aqt want to leave
+your authorized key on it, there is a somewhat safer, though less
+reliable alternative. You can keep your authorized key on your local
+machine and forward your SSH agent to the remote machine running
+Cloudtask:
+.sp
+.nf
+.ft C
+ssh \-A my\-cloudtask\-controller
+.ft P
+.fi
+.sp
+Then when you run Cloudtask, as soon as it launches a new instance it
+will use your forwarded identity to add a temporary identity to the list
+of authorized keys on the newly launched remote instance. This will
+allow Cloudtask to continue to access the worker even if you log out and
+cut off access to the forwarded SSH agent.
+.sp
+You\(aqll need to make sure you stay logged on with the forwarded SSH agent
+until the last worker launches and authorizes the temporary identity.
.SH HOW IT WORKS
.sp
When the user executes a task, the following steps are performed:
View
58 docs/cloudtask.txt
@@ -135,6 +135,9 @@ OPTIONS
--force
Don't ask for confirmation
+--ssh-identity=
+ SSH identity keyfile to use (defaults to ~/.ssh/identity)
+
--hub-apikey=APIKEY
Hub API KEY (required if launching workers)
@@ -480,6 +483,61 @@ from a common module::
EOF
chmod +x helloworld
+SSH AUTHENTICATION
+==================
+
+Cloudtask uses SSH to log into remote workers, transfer files and
+execute commands. You can't SSH into a remote worker unless
+authentication has been properly set up. The local ssh client must be
+capable of authenticating to the remote worker with its ssh identity.
+Password authentication is not supported. Your ssh identity must be
+added to the remote worker's authorized keys list.
+
+The easiest and most reliable way to do this is to:
+
+1) Generate an SSH keypair::
+
+ $ ssh-keygen -f cloudtask-keypair -N ''
+ Generating public/private rsa key pair.
+ Your identification has been saved in cloudtask-keypair.
+ Your public key has been saved in cloudtask-keypair.pub.
+ The key fingerprint is:
+ c5:88:16:8e:78:a9:b9:b9:c1:c3:5d:87:e5:03:8d:3c liraz@backstage
+ The key's randomart image is:
+ +--[ RSA 2048]----+
+ | . |
+ | . = = o |
+ | . + E + o |
+ | + . * . |
+ | o o S |
+ | o + . . . |
+ | B . |
+ | + |
+ | . |
+ +-----------------+
+
+2) Log into your Hub account, go to the User Profile page and cut and
+ paste the contents of cloudtask-keypair.pub to the Authorized Keys
+ textbox. This ensures that cloudtask-keypair will be added to the
+ list of authorized keys on newly launched instances.
+
+If you are running Cloudtask on a remote machine and don't want to leave
+your authorized key on it, there is a somewhat safer, though less
+reliable alternative. You can keep your authorized key on your local
+machine and forward your SSH agent to the remote machine running
+Cloudtask::
+
+ ssh -A my-cloudtask-controller
+
+Then when you run Cloudtask, as soon as it launches a new instance it
+will use your forwarded identity to add a temporary identity to the list
+of authorized keys on the newly launched remote instance. This will
+allow Cloudtask to continue to access the worker even if you log out and
+cut off access to the forwarded SSH agent.
+
+You'll need to make sure you stay logged on with the forwarded SSH agent
+until the last worker launches and authorizes the temporary identity.
+
HOW IT WORKS
============
Please sign in to comment.
Something went wrong with that request. Please try again.