GT Users: I've had to perform the steps I list below to get the GSI-enabled SSH server and client installed on Debian wheezy. Some of the issues are fairly obvious bugs that appear not to have been caught over the last several releases, but I also wonder whether I'm missing some meta-package that would facilitate their installation.
If not, I'm happy to submit a bug report or have one submitted on my behalf. The instructions are very gridftp-centric and that is not my typical use case. http://toolkit.globus.org/toolkit/downloads/latest-stable/ Workaround for installation: 1. apt-get install openssh-server # at least as of July 2013, the GSI packages do not create an ssh user, this does 2. Login via ssh 3. service ssh stop 4. update-rc.d -f ssh remove DON'T LOGOUT! WE JUST NEED PORT 22 TO BE UNUSED 5. wget http://www.globus.org/ftppub/gt5/5.2/stable/packages/deb/debian/ wheezy /pool/contrib/g/globus-repository/globus-repository-5.2-stable-wheezy_0.0.3_all.deb 6. dpkg -i globus-repository-5.2-stable-wheezy_0.0.3_all.deb 7. apt-get update 8. apt-get install libglobus-gss-assist3 libglobus-usage0 # dependencies that are not included in the packaging 9. ln -s /usr/bin/ssh-keygen /usr/bin/gsissh-keygen # a necessary file not provided by the package 10. apt-get install gsi-openssh-clients gsi-openssh-server # works A-OK 11. edit /etc/init.d/gsi-openssh-server 11a. Change: ECDSA_KEY=$sysconfdir/ssh_host_ecdsa_key to ECDSA_KEY=/etc/gsissh/ssh_host_ecdsa_key This must be something I'm missing - what is the purpose of having the ECDSA key installed somewhere different from the RSA keys? 11b. remove second 'e' from eecdsa later in the file # obvious typo 11c. add 'do_ecdsa_keygen' after 'do_rsa_keygen' in the start() function. # without this, not ECDSA key will be generated and a warning will be printed at gsisshd startup 12. service gsi-openssh-server restart --- Tom Downes Associate Scientist and Data Center Manager Center for Gravitation, Cosmology and Astrophysics University of Wisconsin-Milwaukee 414.229.2678
