6. CRSP clients
Depending on your laptop there are a few clients that can be installed.
Please note that RCIC does not provide Windows OS or macOS support for the campus. If there is an operating system related issue, RCIC will refer you to you get support to address your systems issue first before installing CRSP Desktop.
For issues with clients please see CRSP Troubleshooting
6.1. DUO Multifactor Authentication
In July 2024, Campus DUO authentication will be mandatory for all CRSP desktop clients. The push response of DUO can become very tiresome. On some clients, DUO can make CRSP unusable because every file transfer requires another DUO push. RCIC cannot “turn off DUO.”
However, ssh keys with strong passwords is a secure method to to provide a different second factor of authentication. SSH keys managed properly do not require DUO after initial setup but still maintain strong security. Never copy an ssh private key file!
Quick Start
You should follow the guide to Generate SSH keys for different platforms.
Note
It is highly recommended that your private key file is in PEM format and has a .pem file extension. The CRSP desktop client seems to more reliably recognize PEM-formatted keys
Note
If using Windows, it is recommended to use the Powershell method for generating keys and not use PuTTY.
Use the Managing Public SSH Keys on CRSP guide for uploading public keys to CRSP
DO NOT COPY private ssh-keys. Every different physical device should have a different ssh key pair
Important
All ssh keys that you generate MUST have a strong password.Passwordless keys are a security violation.Learn how to use SSH Agent on your desktop/laptop. If on Windows, you can also Putty’s pageant. SSH agents securely store a private key in memory so that you only have to type the key’s passphrase once.
6.2. Managing Public SSH Keys on CRSP
CRSP uses ssh
for authentication but does not grant shell access. This means that common methods
updating as user’s authorized_keys file cannot be used.
Since there is no shell access to CRSP, you should use the procedure below to copy your ssh public key to CRSP.
To make ssh key management a bit more tractable, RCIC has built a very simple facility to add a new public key to your $HOME/.ssh/authorized_keys file on CRSP or to completely replace the contents of the authorized_keys file.
Note
In the steps below, command-line clients are used. These are available at the Linux terminal, the Mac Terminal, Windows Command line, and Windows Powershell.
Add an SSH Public Key
Suppose you have new public key in format similar to (single line broken for readability):
ssh-rsa AAAAB3NzADAQABAAABgQC1QciUGQzHTtSfnibqUqOotPVPYQcnJ71P12lHhy5R4K9h8SnYQHopwPK0 LxRWkc51LyI6cDSUbV2vmVBCBhAaYiUDmZIBwqXVToHn/B4MEGOBscT3jVd5cSC3F29dPU/oMEED5EPlZe2mZnOn VMaCK4tlNA5BpBc2oXQzlYZKcaT8PVAK8lC+iom6ECrGm8BBcKSkU7H8A5qbof8jfHrqDHWm2GB6/PezHo4UHEfWH jPA3QknLjRU71ydNmwoIPPLqSKsYEXyK+E/ULhkJOhU8QCusuKEE6hbScoEJJVgjj1vfiTigyg1khcj1v/QrnV 5IJiqx6vpkOhfbmb05qzUEL34AklhPkL3xpEb0n4Fefp8oE2cugSyYd1vRmLfGsaljgh9LzzBgvdFyeJi k= ssh key panteater@uci.edu for crsp
Now you need to add this key so that it can be recognized by CRSP. To accomplish this, use
sftp
to put the public key into the file $HOME/.ssh/add on CRSP. You will be asked for DUO authentication to authenticate to CRSP.In the following example, replace panteater with your UCINetID and replace the panteater-uci.pub with the name of the file on your laptop that holds your public key.
What you type is in blue:
cd $HOME/.ssh # 1 sftp panteater@access.crsp.uci.edu:.ssh # 2 Password: Duo two-factor login for panteater Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-1234 Passcode or option (1-1): 1 Connected to access.crsp.uci.edu. Changing to: /mmfs1/crsp/home/panteater/.ssh sftp> put panteter-uci.rsa.pub add # 3 Uploading panteater-uci.rsa.pub to /mmfs1/crsp/home/panteater/.ssh/add panteater-uci.rsa.pub 100% 742 9.1KB/s 00:00 sftp> ls # 4 add authorized_keys known_hosts sftp> quit # 5 cd $HOME # 6
The first
cd
command puts you in a directory where your ssh keys are.The
sftp
command makes a secure connection to the CRSP server.The sftp’s
put
command copies your public ssh key from your laptop to the CRSP server.the sftp’s
ls
command output must have add listed. Additional files as shown above may be present if you have previously used ssh and added keys.The sftp’s
quit
command stops sftp session.The last
cd
command puts you in your home area on your laptop.
After approximately 5 minutes, the CRSP server will append the contents of the uploaded file named add to your $HOME/.ssh/authorized_keys file. You will know that this has been completed when the file add disappears.
Verifying Access
Once your $HOME/.ssh/authorized_keys file is appended, you should be able to
sftp
to CRSP using the private key as the identity as in the following example. Notice that the passphrase for the key was requested and DUO was not required:sftp -i panteater-uci panteater@access.crsp.uci.edu Enter passphrase for key 'panteater-uci': Connected to access.crsp.uci.edu. sftp> quit
Starting over: Overwrite authorized_keys
Sometimes your $HOME/.ssh/authorized_keys needs more complex editing than simple addition of new key. You can completely overwrite the contents of the authorized_keys file with a new version.
Create a new version of the file on your local machine called newkeys. Edit it so that it appears exactly how it you need it to appear on CRSP.
Danger
You need to understand the format of authorized_keys file and what to put there. Ad hoc editions can make your CRSP access unusable if you upload a bad file.
Follow the SFTP Procedure EXCEPT once you get to the sftp prompt sftp> put the file as overwrite instead of add:
sftp> put newkeys overwrite Uploading newkeys to /mmfs1/crsp/home/panteater/.ssh/overwrite overwrite 100% 742 9.1KB/s 00:00 sftp> ls overwrite authorized_keys known_hosts sftp> quitWait 5 minutes for the new file to be put in place
6.3. Supported Protocols for Accessing CRSP
There are only three underlying data transfer protocols supported for accessing CRSP:
- SFTP:
- This is the only protocol available to desktop clients.
- NFSv4:
- Network File System.This is only supported on HPC3 through the path /share/crsp.
- HTTPS:
- This provides very simple, browser-based access to CRSP.This is a fallback access method.
6.4. CRSP Desktop App for macOS
The CRSP Desktop for macOS is a licensed and branded version of the generic Mountain Duck link:https://mountainduck.io/[Mountain Duck] product. product. It allows you to map one or more CRSP drives or file paths to a folder on your Mac.
Supported Operating System |
Minimum Hardware Requirements |
---|---|
Monterey / Mojave / Catalina / Big Sur / Ventura |
Intel or ARM (Apple Silicon) Processor 8 GB of memory 1 GB of disk space |
6.4.1. macOS: Download Desktop App
Important
You must either be on the campus network or connected to the UCI campus VPN to download the installers.
UCI pays a per-seat license for CRSP Desktop. Please do not share your downloaded copy of CRSP Desktop Installer with anyone.
If you have a different (previous or newer) version of the CRSP Desktop (or Mountain Duck), you need to uninstall it.
- Download Step 1:
Using your choice of the web browser login to the CRSP File Browser using your UCNetID and password:
Respond to the DUO push:
- Download Step 2:
- After a successful authentication the window will look similar to the one shown below.Click on the CRSP-Desktop-Downloads tab, then click on the CONNECT:
- Download Step 3:
You should see three items on screen: a .pkg file for Mac clients, a .exe file for Windows, and older-versions folder. To toggle the between list and icon view click on the Layout icon outlined in green.
For the Mac, simply click on the file with .pkg ending:
- Download Step 4:
You should then see a screen with a download button on it and the full name of the file that will be downloaded to your local computer. Click Download:
You may see a popup window asking if you want to allow downloads from this site, click on Allow button and save the file to your local computer:
6.4.2. macOS: Install Desktop App
- Install Step 1:
Find the downloaded file, depending on your Mac configuration, the file is in your Downloads folder or in your Desktop:
- Install Step 2:
Double-click on the downloaded file name to launch the installation. You will see a confirmation window, click Open:
Congratulations! CRSP Desktop is now installed in your system!
6.4.5. macOS: Password + DUO vs. Passphrase
You have two authentication options when connecting to CRSP:
- 1. SSH Key with Passphrase
What to Expect with a Passphrase
It is highly recommended that you use ssh keys with a passphrase as described in the Quick Start guide.
When you click connect in the previous step, you should see popup window similar to the following (with your ssh key info):
Notice that a local file (ssh private key ~/.ssh/crsp-npw) and a passphrase are requested. You can optionally save the passphrase.
Assuming that the public key for the private key has been properly installed on CRSP, you should be connected without a DUO prompt.
- 2. UCINetID + password + DUO Push
What to expect with a Password + DUO
If you do NOT install an ssh key, you will be prompted for your UCINetID password and a DUO push. Even if you have the CRSP Desktop remember your password, the DUO Push will be required each and every time the desktop reconnects to CRSP.
Step 1 Enter your password, similar to the following:
Step 2 Respond to the DUO push
Usually, you would enter 1 in the box, click on Continue and you will receive a duo push on your phone. If your phone isn’t available, then you can enter one of your DUO backup codes that you set up when you enrolled in DUO through the UCI Office of Information Technology.
6.5. CRSP Desktop App for Windows
The CRSP Desktop for Windows is a licensed and branded version of the generic Mountain Duck link:https://mountainduck.io/[Mountain Duck] product. product. It allows you to map one or more CRSP drives or file paths to a folder on your PC.
Supported Operating System |
Minimum Hardware Requirements |
---|---|
Windows 10 / Windows 11 |
Pentium Class Processor 4 GB of memory (8 GB recommended) 1 GB of disk space |
6.5.1. Windows: Download Desktop App
Important
You must either be on the campus network or connected to the UCI campus VPN to download the installers.
UCI pays a per-seat license for CRSP Desktop. Please do not share your downloaded copy of CRSP Desktop Installer with anyone.
If you have a different (previous or newer) version of the CRSP Desktop (or Mountain Duck), you need to uninstall it.
- Download Step 1:
Using your choice of the web browser login to the CRSP File Browser using your UCNetID and password, follow with DUO authentication:
Respond to the DUO push:
- Download Step 2:
- After a successful authentication the window will look similar to the one shown below.Click on the CRSP-Desktop-Downloads tab, then click on the CONNECT:
- Download Step 3:
You should see three items on screen: a .pkg file for Mac clients, a .exe file for Windows, and older-versions folder. To toggle the between list and icon view click on the Layout icon outlined in green.
For the Windows, simply click on the file with .exe ending.
- Download Step 4:
You should then see a screen with a download button on it and the full name of the file that will be downloaded to your local computer. Click Download and save the file to your local computer:
6.5.2. Windows: Install Desktop App
- Install Step 1
By default, the file is downloaded in your Downloads folder. Find the downloaded file, double-click on it to launch the installation. This installation includes the licensed version of CRSP Desktop.
- Install Step 2
In the opened window click Install to Install the CRSP Desktop on your laptop.
- Install Step 3
After a successful installation, follow the instructions and click Restart to restart your computer:
Congratulations! CRSP Desktop is now installed in your system!
6.5.5. Windows: Password + DUO vs. Passphrase
You have two authentication options when connecting to CRSP:
- 1. SSH Key with Passphrase
What to Expect with a Passphrase
It is highly recommended that you use ssh keys with a passphrase as described in the Quick Start guide.
When you click connect in the previous step, you should see popup window similar to the following:
Notice that a local file (ssh private key) and a passphrase is requested. You can optionally save the passphrase. Assuming that the public key for the private key has been properly installed on CRSP, you should be connected without a DUO prompt.
- 2. UCINetID + password + DUO Push
What to expect with a Password + DUO
If you do NOT install an ssh key, you will be prompted for your UCINetID password and a DUO push. Even if you have the CRSP Desktop remember your password, the DUO Push will be required each and every time the desktop reconnects to CRSP.
Step 1 Enter your password, similar to the following:
Step 2 Respond to the DUO push
Usually, you would enter 1 in the box, and you will receive a duo push on your phone. If your phone isn’t available, then you can enter one of your DUO backup codes that you set up when you enrolled in DUO through the UCI Office of Information Technology
6.6. Web based File Browser
A simple, easy to use File Browser is platform independent and is compatible with most web browsers.
Please note that File Browser is suitable only for lightweight use. We provide CRSP Desktop App for macOS and CRSP Desktop App for Windows for moderate to heavy use.
Important
Your system must be updated with the latest version of Google Chrome, or Firefox or Safari
You must be registered and setup with UCI DUO
6.6.1. Logging in
Using your choice of the web browser login to the CRSP File Browser using your UCNetID and password:
Respond to the DUO push:
6.6.2. Connect to your Lab or HOME area
Once logged in, you will be presented with the CRSP top level screen. You can follow the tabs to your Lab shared areas in My-labs or HOME private area in My-Home:
Important
Nothing can be stored in HOME area, it is used for for files associated with the account and for storing quota info file. It is a completely private area, only you have access.
We recommend that you do most work on CRSP in your lab area. Lab areas are flexible for sharing. You can be granted access to multiple Lab areas.
To see your labs, Click on My-Labs, then click on CONNECT. You will see a screen similar to the next one. In this example a user npw has an access to 4 labs:
6.7. Linux SSHFS
This page illustrates how use sshfs on Linux laptops for accessing CRSP. Sshfs will Map CRSP Lab Share as a folder on your laptop.
6.7.1. Install sshfs
On your laptop you will need super user (sudo) rights to install sshfs.
- For CentOS based laptop
$ yum -y install sshfs
- For Ubuntu/Debian based systems
$ apt-get -y install sshfs
6.7.4. Using sshfs
Examples of sshfs use:
- Copy a file from your local system to your sshfs mounted drive
$ cp ~/dir1/file.tar.gz ~/crsp_mount/share/
- Recursively copy a directory from local system to mounted CRSP share using
rsync
$ rsync -rltv ~/dir1 ~/crsp_mount/share/
6.8. Access from HPC3
On HPC3, CRSP shares are mounted in /share/crsp:
[user@login-x:~]$ ls /share/crsp
home HOME-SNAPSHOTS lab LAB-SNAPSHOTS
- home:
HOME area for all users accounts
- HOME-SNAPSHOTS:
read-only access for HOME area snapshots
- lab:
Lab area for all users accounts
- LAB-SNAPSHOTS:
read-only access for LAB area snapshots
6.8.1. CRSP HOME
User CRSP HOME area is /share/crsp/home/ucinetid:
it is a placeholder for login related files
it is not the same as your cluster account’s $HOME
Do not store anything in your CRSP HOME
File /share/crsp/home/ucinetid/quotas.txt in your CRSP HOME area provides information about quotas. Please see Quotas for details.
6.8.2. CRSP LAB
LAB area is your primary storage area and is in /share/crsp/lab/ucinetid or any other LAB directories you have access for.
If you are a PI and it’s your lab
USERNAME |
LABNAME |
Mounted location |
Who has read/write access |
---|---|---|---|
your UCINetID |
your UCINetID |
/share/crsp/lab/LABNAME |
you can create any directories and files |
/share/crsp/lab/LABNAME/USERNAME |
your personal space |
If you are added to a PI lab e.g., you are a student/postdoc in the lab
USERNAME |
LABNAME |
Mounted location |
Who has read/write access |
---|---|---|---|
your UCINetID |
your PI UCINetID |
/share/crsp/lab/LABNAME/USERNAME |
you and PI |
/share/crsp/lab/LABNAME/share |
all lab members |
The following example shows the directory structure and permissions for a PI panteater who has a lab and added 2 students:
[user@login-x:~]$ ls -ld /share/crsp/lab/panteater
drwxr-x--T 3 panteater panteater_lab_share 512 Mar 6 15:58 /share/crsp/lab/panteater
[user@login-x:~]$ ls -l /share/crsp/lab/panteater
drwx--S--- 2 panteater panteater_lab 2048 Jul 12 10:22 panteater # by PI
drwxrws--- 2 student1 panteater_lab 512 Apr 29 10:27 student1 # by student1/PI
drwxrws--- 2 student2 panteater_lab 512 Apr 29 10:27 student2 # by student2/PI
drwxrws--T 4 panteater panteater_lab_share 512 Nov 2 2020 share # by all in lab
6.8.3. Moving data to CRSP
Please see Data transfer for in-depth commands examples.
For example, to recursively copy your mydir/ directory from DFS6 to your LAB share on CRSP:
[user@login-x:~]$ rsync -rv /dfs6/pub/paneater/mydir /share/crsp/lab/panteater/
6.9. Unsupported Clients
Please see the Unsupported CRSP Clients Guide for some pointers on unsupported clients.