SDS@hd/Access/SFTP: Difference between revisions

From bwHPC Wiki
< SDS@hd‎ | Access
Jump to navigation Jump to search
No edit summary
Line 2: Line 2:


This enables easy access to SDS@hd without additional registration of your own computer.
This enables easy access to SDS@hd without additional registration of your own computer.
This way can also be useful if you are in a network in which e.g. [[Sds-hd_CIFS|SMB]] and [[Sds-hd_nfs|NFS]] are not available, e.g. due to firewall restrictions.
This way can also be useful if you are in a network in which e.g. [[SDS@hd/Access/CIFS|SMB]] and [[SDS@hd/Access/NFS|NFS]] are not available, e.g. due to firewall restrictions.


'''Attention:'''
'''Attention:'''

Revision as of 18:09, 19 August 2022

It is possible to access the SDS@hd service from Windows, Mac and Linux using the sshfs/sftp protocol.

This enables easy access to SDS@hd without additional registration of your own computer. This way can also be useful if you are in a network in which e.g. SMB and NFS are not available, e.g. due to firewall restrictions.

Attention: In principle, however, the connection is not suitable for permanent connections, since (due to technical reasons) it is not highly available.

Prerequisites

Attention: To access data served by SDS@hd, You need a Service Password. See details SDS@hd/Registration.

Additionally the access to SDS@hd is currently only available inside the belwue-Network.

This means you have to use the VPN Service of your HomeOrganization, if you want to access SDS@hd from outside the bwHPC-Clusters (e.g. via eduroam or from your personal Laptop)

Using SFTP from Linux client

direct/interactive Access:

You can directly use sftp to "login" to SDS@hd. This will give you an interactive sftp-shell.

Example:

> sftp  hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de
Connected to lsdf02-sshfs.urz.uni-heidelberg.de.
sftp> ls
sd16j007  sd17c010  sd17d005  
sftp> 
sftp> help
...
sftp> put myfile
sftp> get myfile

mounting network drive over SFTP:

In most linux distributions you could install a package for fuse mounting a network drive. This allows you to work with SDS@hd comparable to a local folder.

Example (debian/ubuntu):

> apt-get install sshfs
> mkdir ~/sds-hd
> sshfs -o reconnect hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: ~/sds-hd
> ls ~/sds-hd
sd16j007  sd17c010  sd17d005  
> touch ~/sds-hd/sd16j007/testfile

Example (CentOS/RedHat):

> yum install fuse-sshfs
> mkdir ~/sds-hd
> sshfs -o reconnect hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: ~/sds-hd
> ls ~/sds-hd
sd16j007  sd17c010  sd17d005
> touch ~/sds-hd/sd16j007/testfile

You can close/unmount the network drive with the command:

fusermount -u ~/sds-hd

You can of course also use /etc/fstab for mounting SDS@hd with the following entry:

sshfs#hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de:    <your_local_mountpoint>   fuse   defaults,user,noauto,exec,reconnect        0       0 

Using SFTP from Windows and Mac client

Windows clients do not have a SCP/SFTP client installed by default, so it needs to be installed before this protocol can be used.

Tools for example:


network drive over SFTP:

Connecting to SDS@hd

To establish a connection to SDS@hd you have to use the following parameters:

  • protocol: sftp
  • port: 22
  • hostname: lsdf02-sshfs.urz.uni-heidelberg.de
  • username: <your_username> e.g. hd_xy123
  • password: <your_servicepassword>

Best practices

ssh/sftp has a lot of useful options. One of the important ones is the used encryption cipher.

Changing the encryption method (cipher) can have a significant impact on the transmission speed. The effects are difficult to predict because, among other things, they are depending on the client's processor. In tests on current Intel hardware (Intel (R) Xeon (R) CPU E5-2620 v4), the following ciphers turned out to be particularly fast:

Cipher performance
chacha20-poly1305@openssh.com (default) 100%
aes128-gcm@openssh.com ~200%
aes128-ctr ~188%
arcfour ~135%

With ssh/sshfs you can use different ciphers with the -o option:

sshfs -o Cipher=aes128-gcm@openssh.com -o reconnect hd_xy123@lsdf02-sshfs.urz.uni-heidelberg.de: <local_mountpoint>

A list of available ciphers should be available with the command

ssh -Q cipher


Attention: It has to be noted, that not all encryption methods meet the same security requirements. You have to consider the different performance and security requirements for your indiviual usecase.