Connecting Infrastructure, Connecting Research

GSI-SSHTerm Application FAQ

Posted 16 October, 2009 - 12:07

< Back to GSI-SSHTerm Application

 

1. I'm having problems running GSI-SSHTerm!
2. When trying to connect to a host, I get the following exception appearing in my Java Console: GSSException: Failure unspecified at GSS-API level [Caused by: Bad certificate (Certificate signature doesnt match)
3. How do I know GSI-SSHTerm is secure?
4. Is information sent between GSI-SSHTerm and the Grid secure?
5. X forwarding doesn't work!
6. Where does GSI-SSHTerm store its Grid configuration files?
7. Can I use GSI-SSHTerm with non-UK Grids?
8. I have already generated a proxy certificate/downloaded a proxy certificate from MyProxy. Can GSI-SSHTerm use it?
9. Where does GSI-SSHTerm look for my certificate?
10. Does GSI-SSHTerm create local proxy certificates files?
11. What versions of Java are supported by GSSI-SSHTerm?
12. How do I change the defualt MyProxy server/port or default GSISSH connection port?
13. Where can I get the source code for the GSI-SSHTerm?
14. What alternatives are there to the GSI-SSHTerm?
15. What do I do when I get an "Illegal Key Size" Error when accessing a PKCS#12 file?
16. What should I do if my Firefox3.x update doesn't work with the GSSI-SSHTerm?
 

1. I'm having problems running GSI-SSHTerm!  Return to top
Please ensure you are running the latest version of the terminal.  The best way of doing this is by launching the terminal by the click install... link on the GSI-SSHTerm homepage.

 

2. When trying to connect to a host, I get the following exception appearing in my Java Console: GSSException: Failure unspecified at GSS-API level [Caused by: Bad certificate (Certificate signature doesnt match)  Return to top
Please delete the certificates directory and a file named cog (if you have) in the ~/.globus directory (or C:\Documents and Settings\{username}\.globus in Windows) on your local machine and run the GSI-SSHTerm to try to connect again.

 

3. How do I know GSI-SSHTerm is secure?  Return to top
The program runs by default as a signed applet.  It is signed by an NGS Developer's certificate issued by the UK e-Science CA.  This gives you the assurance that it is safe for the program to access your certificate and safe for you to use it to access the Grid.

 

4. Is information sent between GSI-SSHTerm and the Grid secure?  Return to top
Yes.  All information transferred with GSI-SSHTerm is encrypted using the open GSI (Grid Security Infrastructure) protocol.

 

5. X forwarding doesn't work!  Return to top
To be able to use X forwarding you need to have an X server running on your machine.  If you are using Windows then you will need to install a commercially available X server or a program such as Cygwin.

 

6. Where does GSI-SSHTerm store its Grid configuration files?  Return to top
When GSI-SSHTerm connects to the Grid it looks for the relevant Grid CA root certificate and signing_policy file in the default Globus location.  This is /etc/grid-security/certificates or ~/.globus/certificates if you are using a Linux/UNIX based system, or C:\Documents and Settings\{username}\.globus\certificates if you are using Windows.  If it does not find the root certificates then it installs them in the necessary directories in your home directory.

 

7. Can I use GSI-SSHTerm with non-UK Grids?  Return to top
Yes. However, by default the GSI-SSHTerm only trusts the UK e-Science CA.  You will have to manually install the relevant CA root certificate and signing_policy files in the directories mentioned in Question 6. For help how to do this then please contact the helpdesk of the grid to which you wish to connect. Alternatively, if you are an administrator of a grid and wish to give your users easy access using GSI-SSHTerm then you can deploy it on your site with other CA root certificates.  See Question 13.

 

8. I have already generated a proxy certificate/downloaded a proxy certificate from MyProxy.  Can GSI-SSHTerm use it?  Return to top
Yes.  GSI-SSHTerm will transparently use your proxy certificate if it already exists in the default location.  This is /tmp/x509up_**** if you are using a Linux/UNIX based system, or C:\Documents and Settings\{username}\Local Settings\Temp\x509up_**** if you are using Windows.

 

9. Where does GSI-SSHTerm look for my certificate?  Return to top
GSI-SSHTerm will automatically find your Grid certificate in the standard Globus *.pem format if it is in the default locations.  This is ~/.globus/ if you are using a Linux/UNIX based system, or C:\Documents and Settings\{username}\.globus if you are using Windows.  If it does not find your certificate then you can specify where it is if it is in PKCS12 (*.p12 or *.pfx) format. Alternatively GSI-SSHTerm can also use your certificate loaded in your Firefox, Mozilla or IE browser.

 

10. Does GSI-SSHTerm create local proxy certificates files?  Return to top
By default, GSI-SSHTerm only stores proxy certificates in memory after retrieving a proxy certificate from the MyProxy server or after generating a proxy certificate from your local Grid certificate.  This behaviour can be changed by selecting Connection Profile > Host > Save Proxies to Disk.  However, it is advisable not to do this on a shared computer.

 

11. What versions of Java are supported by GSSI-SSHTerm?  Return to top
GSI-SSHTerm supports the Sun Java SDK 1.5 or higher. Due to font problems using the JRE rather than the SDK is not recommended.

 

12. How do I change the defualt MyProxy server/port or default GSISSH connection port?  Return to top
Default settings can be set in the file ~/.sshterm/GSI-SSHTerm.properties (or C:\Documents and Settings\{username}\.sshterm\GSI-SSGTerm.properties in Windows).  This file is also used by the terminal to store settings like window positions and last hostname entered between session, when using the application version.  Create or edit this file with one of the following options:

  • sshterm.myproxy.defaults.hostname=myproxy.ngs.ac.uk
  • sshterm.myproxy.defaults.port=7512
  • sshterm.simple.connection.port=2222

These set, respectively, the default MyProxy server hostname, the network port of the MyProxy service on the server (this should not need to be changed) and the port that the GSI-SSHTerm wll connect to when you use the quick version of the Open Connection dialog box (this should not need to be changed in the UK).

 

13. Where can I get the source code for the GSI-SSHTerm?  Return to top
The GSI-SSHTerm is now a SourceForge project, you can access the project site at: http://sourceforge.net/projects/gsi-sshterm.

 

14. What alternatives are there to the GSI-SSHTerm?  Return to top
If you are running Windows, the GSI-enabled PuTTY is another option.  You will need to download and install the relevant CA certificates separately, and generate a proxy at the command line using, e.g. the CoG kit.  If you are running Linux, UNIX or MacOS X (but not Windows) then you may like to consider installing GSISSH itself.  A straightforward way of doing this is via the VDT

 

15. What do I do when I get an "Illegal Key Size" Error when accessing a PKCS#12 file?  Return to top
In certain situations, to use PKCS#12 files you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. These are available from the following sites (near the bottom, search for: Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files). Please see this page for details.

http://java.sun.com/javase/downloads/index.jsp  (for Java 6)

http://java.sun.com/javase/downloads/index_jdk5.jsp (for Java 5)

 

16. What should I do if my Firefox3.x update doesn't work with the GSSI-SSHTerm?   Return to top
If this happens completely uninstall all existing JDK versions on your computer, then download and install JDK6 update 7 or later from SUN

Navigation

Poll

Who is the main funder of your research?:

©NGS