RCG LINUX TERMINAL SERVER IN SFU CLOUD
A new Linux terminal server was set up in January, 2020:
This is a VM running Red Hat Enterprise Linux 7, and it exists within a VMware NSX environment known as “SFU Cloud”, physically located in the Water Tower Data Centre at SFU Burnaby.
(rcga-linux-ts1.dc.sfu.ca can also be reached via its DNS alias, linux.cs.sfu.ca.)
FAIL2BAN: “I CAN’T SSH IN ANYMORE”
If your password is entered incorrectly five times in a row, fail2ban
will automatically add your IP address to the banned host list. The same rule applies to failed SSH key authentication.
You will not be able to SSH to rcga-linux-ts1 unless you either (1) wait 24 hours, or (2) contact research-support@sfu.ca with your IPv4 address.
Check https://www.whatismyip.com/ if you do not know your current IPv4 address. You will need to visit this website from the computer on which you are having trouble, not from e.g., your phone.
THINGS YOU NEED TO KNOW ABOUT RCGA-LINUX-TS1.DC.SFU.CA
- Run large jobs on your workstation, not on rcga-linux-ts1
This host should be used mostly for SSHing to your workstation and for lightweight work like text editing.
Since this host is shared by others and has very limited CPU power and memory, it is not a good host to run large, long-running experiments. Rogue processes will be killed.
Use your workstation for larger jobs.
- Only NFSv4 shares are automounted
At the time of our TASC 2 server room meltdown (July 16th, 2020), some of the NFS research shares that were automounted on the old Linux terminal servers were still using NFSv3, coming from old fileservers in the TASC 2 server room. We temporarily resurrected rcg-linux-ts3.rcg.sfu.ca until the end of August, 2020, so that some of this NFSv3 data could be accessed, and to give us time to transfer the data to NFSv4 shares in SFU Cloud. By the end of August, 2020, all research data should be on NFSv4 servers.
The SSH configuration on rcga-linux-ts1.dc.sfu.ca has been hardened such that only modern, secure encryption methods are accepted. You should be able to ssh into rcga-linux-ts1.dc.sfu.ca from the command-line of modern versions of Linux and macOS. If you’re a Windows user, then up-to-date versions of PuTTY and MobaXterm will also work. Note that CentOS 6 is too old! If you try to ssh into rcga-linux-ts1.dc.sfu.ca from the old rcg-linux-ts3.rcg.sfu.ca terminal server (due to be retired at the end of August), you’ll get a response like this:
no matching mac found: client hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96 server hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
Note also that SSH Secure Shell for Windows is way too old! This software hasn’t been updated in 20 years! If you try to connect to rcga-linux-ts1.dc.sfu.ca using this ancient software from the dark ages, you’ll see the following:
Try PuTTY or MobaXterm. (The latter is preferred if you want X-Windows support.)
- The firewall is very tight
The firewall rules in SFU Cloud are very restrictive, both incoming and outgoing. As for incoming rules, port 22 on rcga-linux-ts1.dc.sfu.ca is open to the internet, and everything else is blocked. If you need to use another port for something, you’ll need to tunnel it via ssh. As for outgoing rules, only those ports necessary for accessing required services are open, and all other ports are blocked, including http and https. If you have a requirement to connect to an external web site, you’ll need to proxy it. For more information on how to do this, please read Using the Proxy for Outgoing http/https Connections in SFU Cloud.
rcga-linux-ts1.dc.sfu.ca is configured to be able to print to SFU_Print from the command-line, using Kerberos authentication. (The CentOS 6 servers were too old work with SFU_Print.) For detailed information on how this works, please see our Printing from Linux to SFU_Print documentation.
OLD RCG LINUX TERMINAL SERVERS
These Linux terminal servers were retired on July 17th, 2020, and they will not be coming back:
- rcg-linux-ts1.rcg.sfu.ca
- rcg-linux-ts2.rcg.sfu.ca
(rcg-linux-ts1.rcg.sfu.ca also used to be known by its DNS alias linux.cs.sfu.ca, but that alias now points to the new rcga-linux-ts1.dc.sfu.ca server.)
This Linux terminal server is due to be retired by the end of August, 2020:
These were VMs running the very old CentOS 6 Linux. They existed on KVM hypervisors located in SFU Burnaby’s TASC 2 server room which suffered a power distribution meltdown on the night of July 16th, 2020.