Using sybil

This page contains notes on how to use sybil.physics.wisc.edu. This is a virtual machine set up for data analysis by Susan Nossal, Ed Mierkiewicz, Carey Woodward, Joe McInerney, Matt Haffner, Liying Qian, and collaborators.

ssh access

To connect to sybil via ssh from outside the wisc.edu network, it is necessary to first ssh to login.physics.wisc.edu and then from there to sybil. An OpenSSH client can be configured to do this automatically and transparently by adding the following “jump host” configuration, typically in the file .ssh/config:

Host sybil.physics.wisc.edu
  ProxyJump USER@login.physics.wisc.edu

Replace USER with your physics.wisc.edu user name.

With the above configuration in place, you can ssh to sybil using the following command:

ssh USER@sybil.physics.wisc.edu

The scp and sftp commands will also make use of the jump host configuration.

If you do not wish to enter a password every time you ssh, you may be tempted to use an ssh key. However, this is problematic: a key-based login does not obtain the kerberos credentials that AFS requires, so you will not have access to your home directory, which is in the AFS filesystem. Instead, you can use kerberos delegation.

If you wish to change your password, use the passwd command.

Linux

Sybil is running the Debian Linux operating system. For a basic introduction to Linux, see our Linux Intro.

IDL

astrolib is installed. At the command line, run the following command before starting idl to add astrolib to IDL’s search path:

export IDL_PATH=':'/usr/share/gnudatalanguage/astrolib

GUI access

There are several ways to use graphical programs such as idl on sybil. One is to use xrdp. Another is to use X forwarding over ssh. Another is to use VNC.

xrdp

To use xrdp, you will need a Windows Remote Desktop application on your computer. On a Windows computer, it is already installed. On a Mac, you can install Windows Remote Desktop from the App Store. Any program that is compatible with Windows Remote Desktop may be used, and there are several such options for Linux.

Before connecting to xrdp on sybil, you will need to either connect to the wisc.edu network using WiscVPN (aka Global Protect) or use ssh port forwarding. To get access to WiscVPN, if you do not already have a UW NetID, you will need to request one by emailing help@physics.wisc.edu.

To use ssh port forwarding, you can use the following ssh command:

ssh -L 10000:sybil.physics.wisc.edu:3389 USER@login.physics.wisc.edu

This connects port 10000 on your computer to the xrdp service port 3389 on sybil for the duration of the ssh connection.

Once either WiscVPN or ssh port forwarding to port 3389 has been connected, open Windows Remote Desktop or equivalent. The first time, you will need to add an entry for sybil. If you are using WiscVPN, enter the PC name as sybil.physics.wisc.edu. If you are using ssh port forwarding, enter the PC name as localhost:10000.

When you connect to sybil in Windows Remote Desktop, it may warn you that the identity of the host is not verified. This is expected, so you may tell it to continue. Enter your physics.wisc.edu username and password. Then you should see a graphical desktop where you can start terminals and run other programs.

You may disconnect and reconnect to the same session if you need to leave something running. However, beware that your AFS home directory token may expire if you have a very long running session. The way to check for that and remedy it is described in the AFS section.

X forwarding over ssh

This allows programs on sybil that you start via the command-line to display graphical windows on your computer using X Windows, which must be installed and set up on your computer. To enable X forwarding, use the -X or -Y ssh option. To do this automatically every time you ssh to sybil, you could add ForwardX11 yes to the ssh configuration in the same section where the jump host is configured.

VNC

Another way to use graphical programs is to run a VNC server on sybil and then connect to that via a VNC client. One advantage of this over X forwarding is that, like xrdp, you can disconnect your computer and later reconnect to resume where you left off.

To start the VNC server, run the following command on sybil:

vncserver -geometry 1024x768

To connect to the VNC server using a VNC client running on sybil, run the following command in an ssh session with X forwarding, replacing 1 with the display number assigned when vncserver was started:

vncviewer sybil:1

To stop the VNC server, use the following command, replacing 1 with the display number assigned when vncserver was started:

vncserver -kill :1

Rather than running vncviewer on sybil and viewing it over X forwarding, performance may be improved by running vncviewer on your computer and using ssh port forwarding to allow it to connect to the VNC server. To do so, you will need to know the port number being used by the server. One way to find it is to look in the log file for a line of the form Listening for VNC connections on TCP port N. The path to the log file is displayed when the server is started. It is in the .vnc directory.

Another way to find the port is to examine the VNC server process using the following command:

ps uwwwx | grep vnc

Look for the port number in a line like the following:

dan      1881388  0.1  0.3  50652 14284 pts/1    S    17:29   0:00 Xtightvnc :1 -desktop X -auth /afs/physics.wisc.edu/home/dan/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbauth /afs/physics.wisc.edu/home/dan/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb

Once you know the port number, connect to sybil with ssh using the following arguments, replacing 5901 with the port number and USER with your physics.wisc.edu username:

ssh -L10000:localhost:5901 USER@sybil.physics.wisc.edu

The above command forwards port 10000 (arbitrarily chosen) on your computer to port 5901 on sybil. You can then run vncviewer on your computer and connect to port 10000, which will be forwarded by ssh to your VNC server port on sybil.

vncviewer localhost:10000
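The port lookup and forwarding steps above can be scripted. The following is an added example, not part of the original page: the function names vnc_port and vnc_forward_cmd are hypothetical, the ps sample is shortened from the line shown above, and the log line is constructed.

```shell
#!/bin/sh
# Added example, not from the original page.

# Print the VNC TCP port found in $1, which may be `ps` output containing
# "-rfbport N" or a log line "Listening for VNC connections on TCP port N".
# If several servers are listed, the first match is used.
vnc_port() {
  vp_port=$(printf '%s\n' "$1" | sed -n \
    -e 's/.*-rfbport  *\([0-9][0-9]*\).*/\1/p' \
    -e 's/.*Listening for VNC connections on TCP port \([0-9][0-9]*\).*/\1/p' \
    | head -n 1)
  # Reject empty or non-numeric results and values outside the TCP port range.
  case "$vp_port" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$vp_port" -ge 1 ] && [ "$vp_port" -le 65535 ] || return 1
  printf '%s\n' "$vp_port"
}

# Print the ssh command that forwards a local port to that VNC port.
# $1: text to search, $2: user name, $3: local port (default 10000, as above)
vnc_forward_cmd() {
  vf_port=$(vnc_port "$1") || return 1
  printf 'ssh -L %s:localhost:%s %s@sybil.physics.wisc.edu\n' \
    "${3:-10000}" "$vf_port" "$2"
}

# Sample inputs: the ps line is shortened from the one shown on this page;
# the log line is constructed for illustration.
SAMPLE_PS='dan 1881388 0.1 0.3 50652 14284 pts/1 S 17:29 0:00 Xtightvnc :1 -desktop X -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbport 5901 -co /etc/X11/rgb'
SAMPLE_LOG='01/01/24 17:29:03 Listening for VNC connections on TCP port 5902'

vnc_forward_cmd "$SAMPLE_PS" USER
vnc_forward_cmd "$SAMPLE_LOG" USER 10001
```

On sybil, the first argument can be the live output instead of a sample, for example `vnc_forward_cmd "$(ps uwwwx | grep vnc)" USER`.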

File storage in /smb/sybil

A space for sharing files with the group using sybil has been set up in the samba filesystem /smb/sybil.

The /smb filesystem uses kerberos to authenticate users. Kerberos authentication happens automatically when you log in. However, if you wish to run a cron job that accesses /smb/sybil, a kerberos ticket will need to be acquired by the cron job. This can be achieved by using a keytab. Talk to help@physics.wisc.edu to set that up.

Accessing /smb/sybil from other computers

One way to access /smb/sybil from your own computer is to use scp or sftp command-line tools or an application that uses these protocols for you. Example:

sftp USER@sybil.physics.wisc.edu:/smb/sybil

The rsync command is also useful for copying data to/from sybil, especially if you want to periodically synchronize data between two locations. Example of copying data to sybil with rsync:

rsync -rauv /path/to/source sybil.physics.wisc.edu:/smb/sybil/destination

To copy from sybil, reverse the order of the arguments:

rsync -rauv sybil.physics.wisc.edu:/smb/sybil/destination /path/to/source

Another way to access /smb/sybil is to connect your computer to the wisc.edu network and then access it as a network drive. This can be done using WiscVPN. For people who do not already have WiscVPN access, we can request that you be given access. Contact help@physics.wisc.edu to do so. Once connected to the campus network, follow the directions for connecting to SMB.

AFS Home Directory

Your home directory is in the AFS filesystem. There are a couple of features of AFS that differ from typical filesystems in Linux. Like SMB, AFS uses kerberos to authenticate users and authorize access. This happens automatically when you log in. However, the AFS token that is created has a limited lifespan. If you stay logged in for longer, the AFS token will expire, and you will no longer be able to access your home directory. In this situation, you can get a new token by issuing the following commands:

kinit
aklog

To check the lifespan of your AFS token, use the following command:

tokens

Another feature of AFS that differs from a typical filesystem is the way file access permissions are controlled. For details about this, see the AFS section in our Linux Intro.