SDS@hd/Access/SFTP: Difference between revisions
S Richling (talk | contribs) |
S Richling (talk | contribs) |
||
Line 95: | Line 95: | ||
* password: <your_servicepassword> |
* password: <your_servicepassword> |
||
= |
= Best practices = |
||
ssh/sftp has a lot of useful options. One of the important ones is the used encryption cipher. |
ssh/sftp has a lot of useful options. One of the important ones is the used encryption cipher. |
||
Line 127: | Line 127: | ||
'''Attention:''' |
'''Attention:''' |
||
It has to be noted, that not all encryption methods meet the same security requirements. You have to consider the different performance and security requirements for your indiviual usecase. |
It has to be noted, that not all encryption methods meet the same security requirements. You have to consider the different performance and security requirements for your indiviual usecase. |
||
<hr> |
|||
<br> |
|||
<br> |
|||
<br> |
|||
<br> |
Revision as of 15:45, 27 July 2022
It is possible to access the SDS@hd service from Windows, Mac and Linux using the sshfs/sftp protocol.
This enables easy access to SDS@hd without additional registration of your own computer. This way can also be useful if you are in a network in which e.g. SMB and NFS are not available, e.g. due to firewall restrictions.
Attention: In principle, however, the connection is not suitable for permanent connections, since (due to technical reasons) it is not highly available.
Prerequisites
Attention: To access data served by SDS@hd, You need a Service Password. See details Sds-hd_user_access.
Additionally the access to SDS@hd is currently only available inside the belwue-Network.
This means you have to use the VPN Service of your HomeOrganization, if you want to access SDS@hd from outside the bwHPC-Clusters (e.g. via eduroam or from your personal Laptop)
Using SFTP from Linux client
direct/interactive Access:
You can directly use sftp to "login" to SDS@hd. This will give you an interactive sftp-shell.
Example:
> sftp hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de Connected to lsdf02-sshfs.urz.uni-heidelberg.de. sftp> ls sd16j007 sd17c010 sd17d005 sftp> sftp> help ... sftp> put myfile sftp> get myfile
mounting network drive over SFTP:
In most linux distributions you could install a package for fuse mounting a network drive. This allows you to work with SDS@hd comparable to a local folder.
Example (debian/ubuntu):
> apt-get install sshfs > mkdir ~/sds-hd > sshfs -o reconnect hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: ~/sds-hd > ls ~/sds-hd sd16j007 sd17c010 sd17d005 > touch ~/sds-hd/sd16j007/testfile
Example (CentOS/RedHat):
> yum install fuse-sshfs > mkdir ~/sds-hd > sshfs -o reconnect hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: ~/sds-hd > ls ~/sds-hd sd16j007 sd17c010 sd17d005 > touch ~/sds-hd/sd16j007/testfile
You can close/unmount the network drive with the command:
fusermount -u ~/sds-hd
You can of course also use /etc/fstab for mounting SDS@hd with the following entry:
sshfs#hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: <your_local_mountpoint> fuse defaults,user,noauto,exec,reconnect 0 0
Using SFTP from Windows and Mac client
Windows clients do not have a SCP/SFTP client installed by default, so it needs to be installed before this protocol can be used.
Tools for example:
- OpenSSH
- Putty suite (for Windows and Unix)
- WinSCP (for Windows)
- FileZilla (for Windows, Mac and Linux)
- MobaXterm (for Windows)
network drive over SFTP:
- WebDrive (for Windows, Mac, iOS, Android)
- SFTPNetDrive (for Windows)
- NetDrive (for Windows)
- ExpanDrive (for Windows, Mac and Linux)
- MountainDuck (for Windows and Mac)
Connecting to SDS@hd
To establish a connection to SDS@hd you have to use the following parameters:
- protocol: sftp
- port: 22
- hostname: lsdf02-sshfs.urz.uni-heidelberg.de
- username: <your_username> e.g. hd_xy123
- password: <your_servicepassword>
Best practices
ssh/sftp has a lot of useful options. One of the important ones is the used encryption cipher.
Changing the encryption method (cipher) can have a significant impact on the transmission speed. The effects are difficult to predict because, among other things, they are depending on the client's processor. In tests on current Intel hardware (Intel (R) Xeon (R) CPU E5-2620 v4), the following ciphers turned out to be particularly fast:
Cipher | performance |
---|---|
chacha20-poly1305@openssh.com (default) | 100% |
aes128-gcm@openssh.com | ~200% |
aes128-ctr | ~188% |
arcfour | ~135% |
With ssh/sshfs you can use different ciphers with the -o option:
sshfs -o Cipher=aes128-gcm@openssh.com -o reconnect hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: <local_mountpoint>
A list of available ciphers should be available with the command
ssh -Q cipher
Attention:
It has to be noted, that not all encryption methods meet the same security requirements. You have to consider the different performance and security requirements for your indiviual usecase.