Upgrade to use regular ssh

NERSC · Oct 12, 2018 · 5364f62 · 5364f62
1 parent fc95899
commit 5364f62
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 26 deletions.
diff --git a/jupyter-dev/hub-scripts/flush-certs.sh b/jupyter-dev/hub-scripts/flush-certs.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 
-# Get rid of any certs older than 2 weeks
+# Get rid of any cert files older than 2 weeks
 
-find /certs -type f -name 'x509_*' -mtime +14 -exec rm {} \;
+limit=14
+
+find /certs -type f -name '*.key'           -mtime +$limit -exec rm {} \;
+find /certs -type f -name '*.key-cert.pub'  -mtime +$limit -exec rm {} \;
+find /certs -type f -name '*.key.pub'       -mtime +$limit -exec rm {} \;
diff --git a/jupyter-dev/hub-scripts/kill-cori.sh b/jupyter-dev/hub-scripts/kill-cori.sh
@@ -5,27 +5,28 @@
 
 usernames=("$@")
 if [ ${#usernames[@]} -eq 0 ]; then
-    for cert in /certs/x509_*
+    for cert in /certs/*.key
     do
-        username=$(echo $cert | cut -b 13-)
+        username=$(echo $cert | cut -b8- | sed 's/\.key$//')
         usernames=(${usernames[@]} $username)
     done
 fi
 
 for username in ${usernames[@]}
 do
-    cert=/certs/x509_$username
+    cert=/certs/$username.key
     echo $username $cert
     if [ ! -f $cert ]; then
         echo " ... SKIPPED no cert for $username"
         continue
     fi
-    export X509_USER_CERT=$cert
-    export X509_USER_KEY=$cert
-    gsissh \
-        -o StrictHostKeyChecking=no \
-        -l $username \
-        -p 2222 cori19-224.nersc.gov \
+    /usr/bin/ssh                                \
+        -i $cert                                \
+        -l $username                            \
+        -o PreferredAuthentications=publickey   \
+        -o StrictHostKeyChecking=no             \
+        -p 22                                   \
+        cori19-224.nersc.gov                    \
         /global/common/shared/das/jupyterhub/kill-my-old-jupyters.sh
     sleep 1
 done
diff --git a/jupyter-dev/hub-scripts/scram-user.sh b/jupyter-dev/hub-scripts/scram-user.sh
@@ -6,20 +6,21 @@
 
 for username in "$@"
 do
-    cert=/certs/x509_$username
+    cert=/certs/$username.key
     echo $username $cert
     if [ ! -f $cert ]; then
         echo " ... SKIPPED no cert for $username"
         continue
     fi
-    export X509_USER_CERT=$cert
-    export X509_USER_KEY=$cert
     for i in 1 2 3
     do
-        gsissh \
-            -o StrictHostKeyChecking=no \
-            -l $username \
-            -p 2222 cori19-224.nersc.gov \
+        /usr/bin/ssh                                \
+            -i $cert                                \
+            -l $username                            \
+            -o PreferredAuthentications=publickey   \
+            -o StrictHostKeyChecking=no             \
+            -p 22                                   \
+            cori19-224.nersc.gov                    \
             killall -u $username
         sleep 1
     done

diff --git a/jupyter-dev/hub-scripts/test-user.sh b/jupyter-dev/hub-scripts/test-user.sh
@@ -1,17 +1,18 @@
 #!/bin/bash
 
-# Test a user's ability to gsissh in.
+# Test user's ability to ssh
 
 username=$1
-cert=/certs/x509_$username
+cert=/certs/$username.key
 echo $username $cert
 if [ ! -f $cert ]; then
     echo " ... no cert for $username"
     exit 1
 fi
-export X509_USER_CERT=$cert
-export X509_USER_KEY=$cert
-gsissh \
-    -o StrictHostKeyChecking=no \
-    -l $username \
-    -p 2222 cori19-224.nersc.gov
+/usr/bin/ssh                                \
+    -i $cert                                \
+    -l $username                            \
+    -o PreferredAuthentications=publickey   \
+    -o StrictHostKeyChecking=no             \
+    -p 22                                   \
+    cori19-224.nersc.gov