The fundamental steps are as follows:

1) Users who have installed Globus or Cog-Kits

grid-proxy-init

Enter the passphrase that has been used when exporting the PKCS12-keystore.

Next, gsissh to one of the door nodes, e.g. SARA. The -p flag is optional, depending on your local configuration.

gsissh p6012.huygens.sara.nl -p 2222

Table 1: Door nodes in DEISA

SITE	Hostname	Port
CINECA	grid.sp6.cineca.it	2222
SARA	p6012.huygens.sara.nl	2222
LRZ (with firewall)	a01.hlrb2.lrz-muenchen.de	2222
RZG	vip.rzg.mpg.de	2222

Now, you should be logged on to one of the door node sites. To log on to your execution site,  e.g. LRZ

module load deisa globus
gsissh `deisa_service -i -s lrz`

The -i flag is network service flag to request for internal DEISA private network information. The-s flag is a service flag to request for  gsissh service information. The final argument is the site/machine option. Available options are "lrz lrz-rvs sara rzg rzg-bg ecmwf idris csc fzj fzj-bg bsc hlrs epcc cineca-bcx cineca cea". For more information, please invoke command deisa_service on any of the deisa machines without options to get the help manual.

N.B. if you have multiple DEISA accounts, you can specify the specific account you would like to access with the -l option,

e.g. gsissh `deisa_service -i -s sara` -l <deisa-username>

2) Users who are using GSISSH-Term

Please refer to the following page for more information.

Note, this process might involve placing your certificate's encrypted private key, as part of your keystore, on a networked system if you login to your Home Site using ssh. This is permitted by EUGridPMA but is currently not permitted by the Italian CA and by at least one German CA. If this process is not permitted by your CA, then your certificate may be revoked. We advise users to remove their personal certificates from the networked system once the proxy has been generated. Please note that you will have to upload your personal certificate to create new proxy  certificate once the old one has expired (typically 12 hours).  Alternatively, you can use DEISA's myProxy service to store and retrieve a copy of your proxy certificate (without having to transfer your private key to a networked system) or you can simply use gsissh, using e.g. GSISSH-Term, directly from your local workstation to avoid having to create proxy certificates on a networked system. GSISSH-Term will help you create the required proxy certificate and transfer it to the respective machines you gsissh to.

The fundamental steps are as follows.:

1) If your Home Site is a DEISA door node, then follow the method listed above in section 3.1.

2) If your Home Site is not a DEISA door node and you are using ssh to login to your homesite.

Login to your homesite. Create a directory .globus in your home directory (you only have to do this once).

mkdir $HOME/.globus

Export your certificate keystore, i.e. from your web browser on your local workstation, and copy it (e.g. scp)  to your $HOME/.globus at your homesite. N.B. you have to name it as usercred.p12. Now, modify the access rights of your keystore for security.

chmod 600 $HOME/.globus/usercred.p12

Next, invoke the following commands to login to e.g. SARA.

module load deisa globus
grid-proxy-init

Enter the passphrase of your usercred.p12 keystore.

gsissh `deisa_service -i -s sara`

The -i flag is network service flag to request for internal DEISA private network information. The-s flag is a service flag to request for  gsissh service information. The final argument is the site/machine option. Available options are "lrz lrz-rvs sara rzg rzg-bg ecmwf idris csc fzj fzj-bg bsc hlrs epcc cineca-bcx cineca cea". For more information, please invoke command deisa_service

on any of the deisa machines without options to get the help manual.

 

e.g. gsissh `deisa_service -i -s sara` -l <deisa-username>

Finally, please remember to remove your usercred.p12 if your CA does not permit you to store your certificate on a networked system.

rm $HOME/.globus/usercred.p12