--------------------------------------------------
o GFDL Servers For Outside Connections (via ssh) o
--------------------------------------------------
   ssh.gfdl.noaa.gov            (RSA Fob)
   gaea-rsa.rdhpcs.noaa.gov     (GAEA)
   analysis-rsa.rdhpcs.noaa.gov (Analysis)
   public5.gfdl.noaa.gov        (public machine for outside connection) [RHEL8]
   public6.gfdl.noaa.gov        (public machine for outside connection) [RHEL8]

------------------------------------------------------
o GFDL Servers Connection From Within GFDL (via ssh) o
------------------------------------------------------
   ssh                          (RSA Fob)
   gaea                         (GAEA - CAC)      [use sshg3]
   analysis                     (Analysis - CAC)  [use sshg3]

----------------------------
o Obtain Tiger VNC & Putty o
----------------------------
   Get Putty executable from:
      http://www.putty.nl/download.html

   Get Tiger VNC executable from:
      https://tigervnc.org/
      https://github.com/TigerVNC/tigervnc/releases

   Documentation for vncviewer
      https://tigervnc.org/doc/vncviewer.html

   If your computer is 64-bit, it is recommended that you use the 64-bit
   version, but it is not required.

   This is the viewer, not the server, so it does not require admin rights.

-------------------
o Personal VNC ID o
-------------------
   vncid jrl  OR  echo "`id -u` +5900" | bc
      7026
   My user id is 1126 -- add 5900 to get VNC id
   OPS can supply this too
   Can bookmark in browser:  http://www.gfdl.noaa.gov/access/?port=5905
   JRL NOTE: The vncid is user not machine specific.

----------------
o Port Numbers o
----------------
   Ports to use for TigerVNC:
     5905 --> use for personal workstation (e.g. jrl)
     5908 --> public3 RHEL7 machine (until June 2024)
     5909 --> public4 RHEL7 machine (until June 2024)
     5910 --> public5 RHEL8 machine
     5911 --> public6 RHEL8 machine

   In the VNC Viewer box that asks for a VNC Server enter "localhost::5905"
   as the port number if connecting to my own workstation (i.e. jrl).

   Port to use for X2Go:
     2905 --> use for personal workstation (e.g. jrl)
     2908 --> public3 RHEL7 machine (until June 2024)
     2909 --> public4 RHEL7 machine (until June 2024)
     2910 --> public5 RHEL8 machine
     2911 --> public6 RHEL8 machine

-------------------------
o From A Windows System o
-------------------------

   Use Putty & the Tiger VNC viewer.

   In the VNC Viewer box that asks for a VNC Server enter "localhost::5905"

   Documentation:
      https://www.gfdl.noaa.gov/access/documentation
      https://www.gfdl.noaa.gov/access/documentation/Proxy_Documentation.pdf
      https://www.gfdl.noaa.gov/access/documentation/PuTTY_Documentation.pdf
      https://www.gfdl.noaa.gov/access/documentation/TigerVNC_Documentation.pdf
      https://www.gfdl.noaa.gov/access/documentation/X2Go_Documentation.pdf
      https://www.gfdl.noaa.gov/access/documentation/VNC_Documentation.pdf

---------------------
o From A MAC System o
---------------------

    (0) Install TigerVNC viewer in MAC /Applications folder (save old copy?)

    (1) sshg

        which is an alias for:
           ssh -l John.Lanzante -L 5905:jrl:7026 ssh.gfdl.noaa.gov      [RSA FOB]
           ssh -L 5905:jrl:7026 John.Lanzante@ssh.gfdl.noaa.gov         [RSA FOB] [ALT]

        Alternately, to connect to public3
           ssh -l John.Lanzante -L 5908:public3:7026 ssh.gfdl.noaa.gov  [RSA FOB]

    (2) Enter RSA personal PIN + RSA passcode

    (3) ssh to my workstation (jrl) or public3 machine
           ssh john.lanzante@jrl
           ssh John.Lanzante@public3.gfdl.noaa.gov

    (4) Enter GFDL Password

    (5) VNC 0 then VNC 6b

    (6) In Tiger VNC:
          VNC server: localhost::5905
             Username:   Either John.Lanzante or john.lanzante
             Password:   GFDL password
          Alternately, to connect to public3
             VNC server: localhost::5908

    (7) Once connected use "F8" to get a menu

----------------------------
o From A Linux/Unix System o
----------------------------
   ssh -l John.Lanzante ssh.gfdl.noaa.gov
   ssh John.Lanzante@ssh.gfdl.noaa.gov                           [ALT]

--------------------
o VNC Viewer [OLD] o
--------------------
   Regardless of the system:
      In the VNC Viewer box that asks for a VNC Server enter "localhost::5905"
      For Encryption enter "Let VNC Server choose"
      User Options (Advanced) Inputs tab "Enable 3-button mouse emulation"
      Username: "jrl"
      Password:  UMS password

   Problem:
     When VNC comes up it has "jrl" as the username.
     How can I get it to have my "First.Last" instead?
        In "VNC Preferences" go to the "Expert" tab --> scroll down to UserName.
        Enter "John.Lanzante".

-----------------
o X2Go & Vienna o
-----------------
 o Steps for one-time set-up of X2Go:
     1) Download & install XQuartz (a dmg) from https://www.xquartz.org/.
     2) Log out and log back in.
     3) Open up X2Go Client and define a session.
        Pull-down menu at the right: Session preferences ...
        In the Session tab:
           Session name:  Whatever name you want
           Host:          127.0.0.1
           Login:         John.Lanzante
           SSH port:      2905
           Session type:  KDE or GNOME (whichever you use)
           Then hit OK.
        In the Connection tab:
           Connection speed:  WAN
           Method:            16m-jpeg
           Image quality:     9
           Then hit OK.
        In the Input/Output tab:
           Display
           Custom:           Width 800  Height 600
           Set display DPI:  72
           Clipboard mode:   Bidirectional copy and paste
           Then hit OK.
        In the media tab:
           Enable sound support
           Pulse audio
           Use SSH port forwarding to tunnel sound system ... through firewalls
           Client side printing support
           Then hit OK.
        In the shared folders tab:
           Use SSH port forwarding to tunnel file system ... through firewalls
           Then hit OK.

 o Connect to jrl via the ssh server [my MAC alias is sshgx]:
     ssh -l John.Lanzante -L 2905:jrl:22 ssh.gfdl.noaa.gov

 o Initiate the X2Go session:
     Open up X2Go Client -- at the main window, click on "New session".
        Login:    John.Lanzante
        Password: GFDL/AD password
        Hit "Ok".

 o The keyboard mappings may be wrong; if so, change the selected keyboard type:
      System Settings --> Input Devices --> Keyboard --> Hardware -->
                                                                Keyboard_model:

      The default for in office Linux use:   "Generic | Generic 101-key PC"
      For an X2Go session via my iMAC use:   "Apple   | Old"

      Before logging out change back to:     "Generic | Generic 101-key PC"

 o Connect to Vienna (temporary work-around - solves keyboard problem):

     Full-size (too big)
       /home/m2d/freerdp-mac/bin/xfreerdp /home/gfdl/vdi/rd7-vdi.rdp /d:gfdl-noaa /sound:latency:400 /cert-ignore /size:1280x1024

     90%-size (just right)
       /home/m2d/freerdp-mac/bin/xfreerdp /home/gfdl/vdi/rd7-vdi.rdp /d:gfdl-noaa /sound:latency:400 /cert-ignore /size:90%

---------------------------------------------
o Accessing Internal GFDL Web Pages Via SSH o
---------------------------------------------
   Use the Automatic proxy configuration in browser. See:
      https://wiki.gfdl.noaa.gov/index.php/Remote_Access_via_CAC

-------------
o Host Keys o
-------------
  o When connecting to another machine using ssh there must be a pairing of
    keys. This is like a digital fingerprint. 

  o The 1st time you connect you are prompted to accept the host key. If you say
    yes then the key from the remote machine is saved locally on your machine.

  o If something changes on the remote machine (hardware or software) the host
    key may change -- so the earlier pairing is no longer valid. To alleviate
    this you must remove the old host key from your machine, reconnect to the
    remote machine, and allow it to establish a new key.

  o To remove the old host key on your linux machine:
      1) Go to /home/jrl/.ssh (more generally ~/.ssh/) & edit the file
         "known_hosts" -- remove the line corresponding to the remote host in
         question.
      2) From a linux machine (could use one of the public machines or mine)
            ssh-keygen -R jrl
            ssh-keygen -R IP_address
            ssh-keygen -R ldt-number

  o To remove the old host key from the GFDL Bastion (i.e. ssh machine):
            rmhost -R jrl
            rmhost -R IP_address
            rmhost -R ldt-number

  o NOTE:
    Here "jrl" is my workstation, "IP_address" is its IP address and
    "ldt-number" is the number of my workstation. To determine these use the
    "host" command: "host jrl":
       jrl.gfdl.noaa.gov is an alias for ldt-4335152.gfdl.noaa.gov
       ldt-4335152.gfdl.noaa.gov has address 140.208.6.53

  o IMPORTANT:
    It may be necessary to remove host keys both from the linux environment as
    well as on the ssh server and possibly using the IP address and machine
    number as well as the machine alias (i.e. jrl).

  o https://wiki.gfdl.noaa.gov/index.php/RHEL_8_SSH_Host_Key_Removal

  o To regenerate host keys
       On my linux machine generate the new key-pair:
          ssh-keygen -o
          [may prompt to overwrite existing key -- respond "y"]
          [hit return when prompted for passphrase]
          This creates files "id_rsa" & "id_rsa.pub" in ~/.ssh
       On my linux machine convert the public key to RFC4716 format:
          ssh-keygen -e -f ~/.ssh/id_rsa.pub
          [the output is sent to the terminal]
          ---- BEGIN SSH2 PUBLIC KEY ----
          Comment: "1024-bit RSA, converted from OpenSSH by root@spiderwort"
          AAAAB3NzaC1yc2EAAAABIwAAAIEAkpzy9EaEnmCv+pXCvXyX1dFx/glsD7eOTmw6g25oOs
          WCzOaHIeZgd4SYH65Q8LtH5heS+4PTGVdvgt+PIj8IrPQNCsfn2+NCV4c3++Fc4S7vSCCH
          cHLa97eqFZabd5VcLhX9v0mcwa35jyNPoMatElvkeLMZYQCYoxL4KxOqYfc=
          ---- END SSH2 PUBLIC KEY ----
       Paste the output into ~/.ssh/authorized_keys
          nedit ~/.ssh/authorized_keys
       Connect to the ftp server and transfer the authorized key file
          cd ~/.ssh
          sftp ftp.gfdl.noaa.gov
          cd .ssh
          put authorized_keys
       Change the permissions of the .ssh directory & authorized_keys file
          sftp ftp.gfdl.noaa.gov
          chmod 700 .ssh
          [owner can r/w/x -- others can't r/w/x]
          cd .ssh
          chmod 600 authorized_keys
          [owner can r/w but can't x -- others can't r/w/x]

  o To enable batch file transfer under RHEL8
       Add to the end of the /home/jrl/.ssh/config file:
          Host ftp.gfdl.noaa.gov  ftp sftp.gfdl.noaa.gov sftp
             PubkeyAcceptedKeyTypes +ssh-rsa
       Can now execute batch file transfer via the commands in file BATCHFILE
          sftp -b BATCHFILE -o IdentityFile=/home/jrl/.ssh/id_rsa John.Lanzante@ftp
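
  o Added example (not part of the original notes): one way to script the
    host key removal steps above on the linux side. It turns the output of
    the "host" command into every name a stale key may be filed under (alias,
    machine number, short and full names, IP address) and runs "ssh-keygen -R"
    for each. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# Constructed sample input: the "host jrl" output quoted in the NOTE above.
sample_host_output() {
    cat <<'EOF'
jrl.gfdl.noaa.gov is an alias for ldt-4335152.gfdl.noaa.gov
ldt-4335152.gfdl.noaa.gov has address 140.208.6.53
EOF
}

# stdin:  output of "host NAME"
# stdout: every name a known_hosts entry could be stored under, one per line,
#         without duplicates: full names, short names and IP addresses.
names_from_host_output() {
    awk '
        function emit(n) { if (!(n in seen)) { seen[n] = 1; print n } }
        function add(n,    short) {
            sub(/\.$/, "", n)                       # drop a trailing root dot
            emit(n)
            if (n ~ /^[0-9.]+$/ || n ~ /:/) return  # IPv4/IPv6: no short form
            short = n
            sub(/\..*/, "", short)                  # jrl.gfdl.noaa.gov -> jrl
            emit(short)
        }
        / is an alias for /  { add($1); add($NF) }
        / has address /      { add($1); add($NF) }
        / has IPv6 address / { add($1); add($NF) }
    '
}

# stdin: names, one per line.  $1: known_hosts file.  $2: "dry-run" to only
# print the commands.  For each name that has an entry, print the stored
# fingerprint (so it can be compared with the new key later) and remove it.
remove_keys() {
    known_hosts=${1:-$HOME/.ssh/known_hosts}
    mode=${2:-run}
    while read -r name; do
        if [ "$mode" = "dry-run" ]; then
            echo "ssh-keygen -R $name -f $known_hosts"
        elif ssh-keygen -F "$name" -f "$known_hosts" -l </dev/null; then
            # -F also finds hashed entries; -R rewrites the file and keeps
            # the previous version as known_hosts.old
            ssh-keygen -R "$name" -f "$known_hosts" </dev/null
        fi
    done
}

# Resolve NAME with "host" and purge every form of it from known_hosts.
# Usage: purge_host_keys jrl [known_hosts_file] [dry-run]
purge_host_keys() {
    { printf '%s\n' "$1"; host "$1" | names_from_host_output; } |
        awk '!seen[$0]++' | remove_keys "${2:-}" "${3:-}"
}

# Demo on the constructed sample: print the commands without running them.
sample_host_output | names_from_host_output |
    remove_keys "$HOME/.ssh/known_hosts" dry-run
```

    The fingerprint printed before each removal can be kept and compared with
    the one shown at the next connection; a key that changed for no known
    reason should be checked with the system administrators before answering
    "yes".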

---------------------
o Use Of RSA Tokens o
---------------------
  o Connect via ssh
  o When prompted to enter RSA PASSCODE, enter PIN followed by 6 digits from FOB
  o When prompted to enter "new tokencode", wait for tokencode to change and
    then enter 6 digits from token
  o This logs you in to the ssh machine
  o ssh jrl
  o VNC
    NOTE: The tokencode is one time use only. After you have logged in using it,
          if you want another login you must wait for the tokencode to change.
          The tokencode refreshes once every minute.
          The bars on the left indicate time remaining until refresh.
            PASSCODE  = PIN followed by 6 digits from the FOB
            tokencode = 6 digits from the FOB
            Password  = regular GFDL password

------------------------------------------
o Security Certificates And Pass Phrases o
------------------------------------------
  o Gaea and Analysis machines use security certificates for access
  o There are two certificates: a "master" and a "proxy"
  o The master certificate has an associated passphrase of at least 3 words
  o A master certificate is good for 1 year -- after which time it must
    be recreated with a new passphrase (probably different from the prior one?)
  o A master certificate is not valid until it is signed (usually 1-2 days)
  o The next time you log in you will be asked the passphrase, along with your
    password from your token card -- this will create a proxy certificate.
  o Every time you log in it renews your proxy certificate for another 30 days
  o If your proxy expires you must again create a master certificate (which
    will have to be signed again) (may be able to reuse the passphrase?)
  o Uncertain whether Gaea and Analysis will share certificates.

----------------------
o Initial Fob Setup o
----------------------
  o One time only (before 1st connection to Gaea or Analysis) set up
    ".ssh/config" file by running this from your workstation:    setup-RSA
    [/home/gfdl/bin/setup-RSA]
    Answer "yes" to all questions.
  o If instead you are using public1 workstation run:
       /home/tlm/bin/usersetup/setup-gfdl-rsassh.pl  ???
  o When you first get an RSA Fob you must create a PIN as instructed:
       http://www.gfdl.noaa.gov/jrl_hidden_misc_access-gfdl/jrl_hidden_misc_access-gfdl_FOB-Activation.pdf

----------------------------
o Kde vs Gnome VNC Session o
----------------------------
  o Edit "~/.vnc/xstartup.el7" & uncomment (only) 1 of the following lines:
       COMMAND="startkde"
       COMMAND="gnome-session"
       COMMAND="env GNOME_SHELL_SESSION_MODE=classic gnome-session --session gnome-classic"

  o Edit "~/.vnc/config.user" & uncomment (only) 1 of the following lines:
       session=plasma
       session=gnome
       session=gnome-classic

  o Jonathan Sattelberger said "config.user" should override "xstartup.el7"

    https://wiki.gfdl.noaa.gov/index.php/RHEL_8_Desktop_Customization#Changing_the_default_desktop_environment_for_VNC_sessions
    Changing the default desktop environment for VNC sessions

-----------------------------------------
o Set kde As Default For Physical Login o
-----------------------------------------

  o One time only:
    Log into machine using First.Last [IMPORTANT: case sensitive John.Lanzante]
    using AD password. Select "plasma" from the list of choices. Can then log
    out. Next login with CAC will default to kde.

  o https://wiki.gfdl.noaa.gov/index.php/RHEL_8_Desktop_Customization#Changing_the_default_desktop_environment_for_VNC_sessions
    Changing the default desktop environment for local logins

-----------------------
o Lock Screen Problem o
-----------------------

  o CTL ALT F2 --> Go to text mode        [for lockscreen problem]
    CTL ALT F7 --> Go to graphical mode   [return to graphical mode]

################################################################################
                        SAMPLE SESSION GOING TO SSH MACHINE
################################################################################

jrl:/home/jrl> ssh John.Lanzante@ssh.gfdl.noaa.gov
=========================================================================
=                               WARNING!                                =
=========================================================================
= This is a United States Government computer system, which may be      =
= accessed and used only for official Government business by authorized =
= personnel.  Unauthorized access or use of this computer system may    =
= subject violators to criminal, civil, and/or administrative action.   =
=                                                                       =
= All information on this computer system may be intercepted, recorded, =
= read, copied, and disclosed by and to authorized personnel for        =
= official purposes, including criminal investigations.  Access or use  =
= of this computer system by any person, whether authorized or          =
= unauthorized, constitutes consent to these terms.                     =
=========================================================================
Access is via First.Last username only. Enter RSA PASSCODE:
Wait for the tokencode to change, then enter the new tokencode : 
Last login: Fri Dec  2 11:33:21 2011 from jrl.gfdl.noaa.gov
______________________________________________________________

         If you haven't read the warning, do so now.
______________________________________________________________

  Authorized users can ssh to their destination host.
 
 Special commands available:
   menu          -> prints this menu
   motd          -> prints Messages of the Day
   mystats       -> prints some general user statistics
   rmhost        -> removes old ssh host keys
   ssh [host]    -> secure shell session to a GFDL host
   warning       -> prints the warning message

[jrl@ssh ~]$ ssh jrl
*************************************************************************
*                               WARNING!                                *
*************************************************************************
* This is a United States Government computer system, which may be      *
* accessed and used only for official Government business by authorized *
* personnel.  Unauthorized access or use of this computer system may    *
* subject violators to criminal, civil, and/or administrative action.   *
*                                                                       *
* All information on this computer system may be intercepted, recorded, *
* read, copied, and disclosed by and to authorized personnel for        *
* official purposes, including criminal investigations.  Access or use  *
* of this computer system by any person, whether authorized or          *
* unauthorized, constitutes consent to these terms.                     *
*************************************************************************

jrl@jrl's password: 
Last login: Fri Dec  2 08:08:40 2011
jrl:/home/jrl> VNC

What do you want to do?

 [0] Stop any running VNC servers.

 or

     Start a new session:

   Resolution Choices                   Color Depth?

[1]     640x480 resolution              [A]     16 bit
[2]     800x600 resolution              [B]     24 bit
[3]     1024x768 resolution             
[4]     1280x1024 resolution
[5]     1600x1050 resolution
[6]     1600x1200 resolution
[7]     1400x1050 resolution
[8]     1920x1200 resolution

  ( eg, 3a would be 1024x768 at 16bit color depth )

OR, specify desired resolution followed by a color depth 
letter (eg, 3800x1600a)

PLEASE NOTE: 32bit color depth has been removed due to excessive problems.

  Enter selection -> 6a
Starting Xvnc in 1600x1200 with 16 bits of color 
on host jrl.gfdl.noaa.gov, display number 1126.

Reminders:

* Establish port forwarding (tunnels) if coming from outside GFDL.
  Source port 5905 to jrl:7026

  Unix / MacOSX SSH command line would be:
  ssh -l jrl -L 5905:jrl:7026 ssh.gfdl.noaa.gov

* Browser-based access (using Java applet) is at:

  http://www.gfdl.noaa.gov/access/?port=5905

* vncviewer access is at:

   vncviewer localhost::5905

   NOTE: Double colons in line above are deliberate.

Shortcut for next time:  /usr/bin/VNC 6a

Problems reported via http://help.gfdl.noaa.gov
or oar.gfdl.help@noaa.gov, please!

jrl:/home/jrl> VNC

Alert: Possible remaining VNC sessions:

* A VNC session on host 'jrl', started at Fri Dec  2 11:52:39 2011
  process id 29819.

What do you want to do?

 [0] Stop any running VNC servers.

 or

     Start a new session:

   Resolution Choices                   Color Depth?

[1]     640x480 resolution              [A]     16 bit
[2]     800x600 resolution              [B]     24 bit
[3]     1024x768 resolution             
[4]     1280x1024 resolution
[5]     1600x1050 resolution
[6]     1600x1200 resolution
[7]     1400x1050 resolution
[8]     1920x1200 resolution

  ( eg, 3a would be 1024x768 at 16bit color depth )

OR, specify desired resolution followed by a color depth 
letter (eg, 3800x1600a)

PLEASE NOTE: 32bit color depth has been removed due to excessive problems.

  Enter selection -> 0

Server on jrl stopped.

################################################################################
             SAMPLE SESSION GOING TO ANALYSIS (NOT ENTERING PASS PHRASE)
################################################################################

jrl:/home/jrl> ssh analysis
=========================================================================
=                               WARNING!                                =
=========================================================================
= This is a United States Government computer system, which may be      =
= accessed and used only for official Government business by authorized =
= personnel.  Unauthorized access or use of this computer system may    =
= subject violators to criminal, civil, and/or administrative action.   =
=                                                                       =
= All information on this computer system may be intercepted, recorded, =
= read, copied, and disclosed by and to authorized personnel for        =
= official purposes, including criminal investigations.  Access or use  =
= of this computer system by any person, whether authorized or          =
= unauthorized, constitutes consent to these terms.                     =
=========================================================================
Access is via First.Last username only. Enter RSA PASSCODE:
Last login: Fri Dec 16 19:14:51 2011 from jrl.gfdl.noaa.gov
Welcome to the NOAA RDHPCS.

Attempting to renew your proxy certificate...Proxy credential renewed.
Proxy has 720:00:00  (30.0 days) left.
The GFDL Analysis host configurations are:
Hostname            Description         
an001               12 cores, 2x memory, 2x /vftmp, NAG
an002               12 cores, 2x memory, 2x /vftmp, NAG
an003                8 cores            
an004                8 cores            
an005                8 cores            
an006                8 cores, CXFS      

You will now be connected to the lightest-loaded analysis host.
To select a specific host, hit ^C within 5 seconds.
Local port 41126 forwarded to remote host.
Remote port 51126 forwarded to local host.
See http://wiki.gfdl.noaa.gov/index.php/Login/configuration

an006:/home/John.Lanzante>

################################################################################
               SAMPLE SESSION GOING TO GAEA (NOT ENTERING PASS PHRASE)
################################################################################

jrl:/home/jrl> ssh gaea
The authenticity of host 'gaea-rsa.rdhpcs.noaa.gov (140.208.145.9)' can't be established.
RSA key fingerprint is e0:22:0c:e4:3f:8c:3f:66:26:4c:ef:1b:67:6b:31:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gaea-rsa.rdhpcs.noaa.gov,140.208.145.9' (RSA) to the list of known hosts.
=========================================================================
=                               WARNING!                                =
=========================================================================
= This is a United States Government computer system, which may be      =
= accessed and used only for official Government business by authorized =
= personnel.  Unauthorized access or use of this computer system may    =
= subject violators to criminal, civil, and/or administrative action.   =
=                                                                       =
= All information on this computer system may be intercepted, recorded, =
= read, copied, and disclosed by and to authorized personnel for        =
= official purposes, including criminal investigations.  Access or use  =
= of this computer system by any person, whether authorized or          =
= unauthorized, constitutes consent to these terms.                     =
=========================================================================
Access is via First.Last username only. Enter RSA PASSCODE:
Last login: Wed Dec  7 16:45:10 2011 from jrl.gfdl.noaa.gov
Welcome to the NOAA RDHPCS.

Attempting to renew your proxy certificate...Proxy credential renewed.
Proxy has 720:00:00  (30.0 days) left.
The Gaea destinations are:
Hostname            Description         
gaea1               Standard head node  
gaea2               Standard head node  
gaea3               Standard head node  
gaea4               Standard head node  
gaea8               Test head node; restricted access
t1-login1           Test system; restricted access
t1ms-login1         Test system; restricted access

You will now be connected to the loadbalancer for the CMRS system.
To select a specific host, hit ^C within 5 seconds.
Local port 31126 forwarded to remote host.
Remote port 21126 forwarded to local host.
See http://wiki.gfdl.noaa.gov/index.php/Login/configuration

********************************<<< gaea3 >>>**********************************
*                               NOTICE TO USERS                               *
*                                                                             *
*  This is a Federal computer system and is the property of the United        *
*  States Government. It is for authorized use only. Users (authorized or     *
*  unauthorized) have no explicit or implicit expectation of privacy.         *
*                                                                             *
*  Any or all uses of this system and all files on this system may be         *
*  intercepted, monitored, recorded, copied, audited, inspected, and          *
*  disclosed to authorized site, Department of Energy, and law enforcement    *
*  personnel, as well as authorized officials of other agencies, both         *
*  domestic and foreign.  By using this system, the user consents to such     *
*  interception, monitoring, recording, copying, auditing, inspection, and    *
*  disclosure at the discretion of authorized site or Department of Energy    *
*  personnel.                                                                 *
*                                                                             *
*  Unauthorized or improper use of this system may result in administrative   *
*  disciplinary action and civil and criminal penalties. By continuing to     *
*  use this system you indicate your awareness of and consent to these        *
*  terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to    *
*  the conditions stated in this warning.                                     *
*                                                                             *
********************************<<< gaea3 >>>**********************************
 ************************************************************************
                            NOTICE TO USERS
     This is a Federal computer system and is the property of the United 
 States Government.  It is for authorized use only.  Users (authorized or 
 unauthorized) have no explicit or implicit expectation of privacy.
     Any or all uses of this system and all files on this system may be 
 intercepted, monitored, recorded, copied, audited, inspected, and 
 disclosed to authorized site, Department of Energy, and law enforcement 
 personnel, as well as authorized officials of other agencies, both 
 domestic and foreign.  By using this system, the user consents to such 
 interception, monitoring, recording, copying, auditing, inspection, and 
 disclosure at the discretion of authorized site or Department of Energy 
 personnel.
     Unauthorized or improper use of this system may result in 
 administrative disciplinary action and civil and criminal penalties.  By
 continuing to use this system you indicate your awareness of and consent
 to these terms and conditions of use.  LOG OFF IMMEDIATELY if you do not
 agree to the conditions stated in this warning.
 ************************************************************************
home1/John.Lanzante>

################################################################################
                 SAMPLE SESSION GOING TO GAEA (ENTERING PASS PHRASE)
################################################################################

jrl:/home/jrl> ssh John.Lanzante@gaea-rsa.rdhpcs.noaa.gov
=========================================================================
=                               WARNING!                                =
=========================================================================
= This is a United States Government computer system, which may be      =
= accessed and used only for official Government business by authorized =
= personnel.  Unauthorized access or use of this computer system may    =
= subject violators to criminal, civil, and/or administrative action.   =
=                                                                       =
= All information on this computer system may be intercepted, recorded, =
= read, copied, and disclosed by and to authorized personnel for        =
= official purposes, including criminal investigations.  Access or use  =
= of this computer system by any person, whether authorized or          =
= unauthorized, constitutes consent to these terms.                     =
=========================================================================
Access is via First.Last username only. Enter RSA PASSCODE:
Last login: Fri Dec  2 12:03:13 2011 from jrl.gfdl.noaa.gov
Welcome to the NOAA RDHPCS.

Certificate unavailable, falling back to token access.

Hello John Lanzante! 

Access to NOAA R&DHPCS resources require use of digital certificates. 
You will have two certificates: a "master" and a "proxy".  As this may
be the first time that you are using certificates, the process has been
automated as much as possible.

A very simple way to think of certificates is that your "master"
certificate is like a passport.  A passport is necessary before you
travel and identifies you.  It will be renewed on an infrequent basis,
and is issued, or signed, by a central authority. The "proxy"
certificate is your visa.  It defines where you can go and how long
you can stay.  They last for a relatively short period of time and
need to be renewed often.

Proxy certificates are used by yourself to access certificate-aware
systems and by programs on your behalf, such as batch jobs and data
transfers that are "running as you."  R&DHPCS Proxy certificates are
good for 30 days.  For the R&DHPCS systems, every time you log in
through this bastion host, the system will automatically renew your
proxy certificate so that it will not expire for 30 days from that log in.

You are about to generate a 'master' certificate, good for one year,
which will be used to generate your proxy certificates.  This master
certificate is protected by a passphrase, which you need to choose
now.  Try to choose a sentence, or phrase, that you will be able to
remember even if you do not use it frequently.  Once your certificate
has been signed (usually 1-2 business days), the next time you log in,
you will be asked to enter this passphrase, along with your password
from your token card -- these steps create a proxy certificate that
will be used for access.

Please enter a certificate passphrase; at least 3 words: 
Please confirm the passphrase: 
Passphrase must be at least three words
Certificate request successfully generated.
Your certificate should be signed and available for use in a business day.

YOUR ACCOUNT MAY NOT BE ACCESSIBLE YET.  Your site (Jet, Vapor,
Princeton) may have a fallback authentication method that you can use
now.  I will allow you to continue onwards to your destination.  

  ==> IF YOU ARE A NEW USER to Gaea or Zeus,                               <==
  ==> WAIT until you get an email saying your certificate has been signed  <==
  ==> BEFORE attempting to log in again.  Thanks.                          <==
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You will now be connected to the loadbalancer for the CMRS system.
Hit ^C within 5 seconds to select another host.
Tunnels established from your originating host on port 31126 to gaea.rdhpcs.noaa.gov, and gaea.rdhpcs.noaa.gov 21126.
Further information: http://wiki.gfdl.noaa.gov/index.php/Login/configuration_-_GFDL_users

********************************<<< gaea3 >>>**********************************
*                               NOTICE TO USERS                               *
*                                                                             *
*  This is a Federal computer system and is the property of the United        *
*  States Government. It is for authorized use only. Users (authorized or     *
*  unauthorized) have no explicit or implicit expectation of privacy.         *
*                                                                             *
*  Any or all uses of this system and all files on this system may be         *
*  intercepted, monitored, recorded, copied, audited, inspected, and          *
*  disclosed to authorized site, Department of Energy, and law enforcement    *
*  personnel, as well as authorized officials of other agencies, both         *
*  domestic and foreign.  By using this system, the user consents to such     *
*  interception, monitoring, recording, copying, auditing, inspection, and    *
*  disclosure at the discretion of authorized site or Department of Energy    *
*  personnel.                                                                 *
*                                                                             *
*  Unauthorized or improper use of this system may result in administrative   *
*  disciplinary action and civil and criminal penalties. By continuing to     *
*  use this system you indicate your awareness of and consent to these        *
*  terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to    *
*  the conditions stated in this warning.                                     *
*                                                                             *
********************************<<< gaea3 >>>**********************************
Password: 
Enter PASSCODE:
Password: 
Enter PASSCODE:
Password: 
Enter PASSCODE:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Connection to gaea-rsa.rdhpcs.noaa.gov closed.

################################################################################
################################################################################