Setting up New User on UltraScan-in-a-Box
Introduction
To set up a new user on the USiaB server, you will need administrator rights on the USiaB server and on the client PC. The client PC should run Windows 10, macOS, or Linux.
For this walkthrough, we take the user name to be 'ultrascan3' and assume the client has a Windows 10 PC.
INSTRUCTIONAL VIDEO
0:00:00 Introduction (5:31)
5:31:20 Adding a user account to USiaB (2:37)
8:09:04 Adding a user to the ssh permission list (3:53)
12:03:04 Setting up a VNC password (1:2)
13:05:07 Adding a user to the VNC user list and starting up the VNC server (1:53)
14:58:13 Adding a Unix account ssh key (RSA) (2:1)
16:59:18 Registering a new LIMS account (4:30)
21:30:06 Assigning LIMS permissions for the new user (3:15)
24:45:10 Setting up a VNC ssh tunnel for the user (2:44)
27:30:04 Setting up authorized_keys in the Unix account of the new user (3:55)
31:25:13 Setting up the ssh VNC tunnel on the client computer (4:54)
36:20:09 Logging into VNC from the client computer (1:36)
37:56:09 Registering the UltraScan desktop software (2:5)
40:02:03 Connecting UltraScan to the LIMS account (4:28)
SSH Keys
Adding a user account to USiaB
On the USiaB server, open the terminal. You must be an admin. The command 'sudo su' will place you into the root shell ('su' means superuser), and '-' makes it a login shell that reads root's environment. The command 'adduser' will add a new user account with the name that is provided. A password must be set for the user. The software will check the complexity of the password; include upper case letters, lower case letters, numbers, and special characters to increase password security. A new home directory will now be set up under the name 'ultrascan3'.
[marielle@uslims ~]$ sudo su -
[root@uslims ~]# adduser ultrascan3
[root@uslims ~]# passwd ultrascan3
Changing password for user ultrascan3
New password: *****
Retype new password: *****
passwd: all authentication tokens updated successfully.
[root@uslims ~]# cd /home
[root@uslims home]# ls
Adding a user to the ssh permission list
Now we can configure the secure shell program so that the new user can log in from a remote location over the secure shell protocol. The configuration for the secure shell daemon is in a text file, 'sshd_config', which will need to be edited. The security model of USiaB means that each user must be individually exempted, as well as the IP addresses from which they will be connecting.
Find the 'sshd_config' file. This file is the configuration file for the daemon that will accept incoming connections. This file must be edited.
[root@uslims home]# cd /etc
[root@uslims etc]# cd ssh
[root@uslims ssh]# pwd
/etc/ssh
[root@uslims ssh]# ls
ssh_config sshd_config
... ...
[root@uslims ssh]# vi sshd_config
Now you will be in the server configuration file. Scroll down to the end to find a section of the form:
Match host 142.66.01.3/22, [ip1], [ip2]
AllowUsers demeler marielle [new user name = ultrascan3]
Match all
Here, you can add specific IP addresses and user names. IP addresses are separated by commas and user names are separated by spaces. Press 'Esc' and type ':wq' to write and quit. Then restart the daemon so the change takes effect.
[root@uslims ssh]# systemctl restart sshd
Setting up a VNC password
Now, we can set up a VNC password for the new user by becoming the user using the 'sudo su' command.
[root@uslims ssh]# sudo su - ultrascan3
[ultrascan3@uslims ~]$ vncpasswd
Password: ******
Verify: ******
Would you like to enter a view-only password (y/n)? {n}
A view-only password is not used.
[ultrascan3@uslims ~]$ exit
Adding a user to the VNC user list and starting up the VNC server
Once the password has been set, we need to add the new user to the vnc user list. Every new user is assigned a private port number.
[root@uslims ssh]# vncadmin add ultrascan3
Info: adding user 'ultrascan3' to group vncusers
Info: creating /home/ultrascan3/.vnc/config
Notice: user 'ultrascan3' has been assigned vnc port 26
Now that the new user has been assigned a port number, start the VNC server as the user.
[root@uslims ssh]# sudo su - ultrascan3
[ultrascan3@uslims ~]$ sudo vncctl start
vnc port for user ultrascan is :26
for ssh tunneling use numerical port 5926
Adding a Unix account ssh key (RSA)
Now let us set up an RSA key for the new user. Use the command 'ssh-keygen -t rsa' to generate an RSA public/private key pair.
[ultrascan3@uslims ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ultrascan3/.ssh/id_rsa): {enter}
Created directory '/home/ultrascan3/.ssh'.
Enter passphrase (empty for no passphrase): {enter}
Enter same passphrase again: {enter}
Your identification has been saved in /home/ultrascan3/.ssh/id_rsa.
Your public key has been saved in /home/ultrascan3/.ssh/id_rsa.pub.
The key fingerprint is:
...
The key's randomart image is:
...
The file 'id_rsa' contains your personal private key. Never share this key. The file 'id_rsa.pub' is the public key for the public to see. You can share this key.
[ultrascan3@uslims ~]$ cd .ssh
[ultrascan3@uslims .ssh]$ ls
id_rsa
id_rsa.pub
UltraScan LIMS
Registering a new LIMS account
To apply for an account on LIMS, go to uslims.uleth.ca and click on the institution, CCH. Click on Login, go to New users, and sign up. Enter the Captcha, then register with your personal information: first and last name, organization, address, city, province, postal code, country, phone, and email. Select create new account. The new account registration is mailed to your email address in a message from cch.uleth.ca called "Your new UltraScan3 LIMS portal Account"; follow its directions within one week. Click on the link and log in with the temporary password. Under Change my Info, change the password and click Update. Log out.
Assigning LIMS permissions for the new user
Assume the role of an administrator with superuser permissions, who can change LIMS settings for new users so they can enter with elevated permissions. Go to Admin Info and Edit User Info and find the new user. Under User Level, change the user level to level3 (admin). Provide access to the us3lab-node0 supercomputer and assign instrument permissions. Click Update and log out.
VNC
Setting up a VNC ssh tunnel for the user
On the client computer, open the command prompt.
C:\Users\ultrascan3> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\ultrascan3/.ssh/id_rsa):
Created directory 'D:\Users\ultrascan3/.ssh'.
Enter passphrase (empty for no passphrase): {enter}
Enter same passphrase again: {enter}
Your identification has been saved in ...
Your public key has been saved in ...
The key fingerprint is:
....
The key's randomart image is:
...
C:\Users\ultrascan3> cd .ssh
C:\Users\ultrascan3/.ssh> dir
1,679 id_rsa
409 id_rsa.pub
...
The public key, 'id_rsa.pub', needs to be installed on the remote USiaB server in the new user's account. The easiest way to do this is to mail the public key to the administrator.
Setting up authorized_keys in the Unix account of the new user
Download the public key and open the file in a new terminal window.
[marielle@uslims ~]$ cd Downloads/
[marielle@uslims Downloads]$ ls -ltra
[marielle@uslims Downloads]$ vi id_rsa.pub
Copy the key and switch to the new user's terminal window.
[ultrascan3@uslims .ssh]$ vi authorized_keys
This will create a new file called 'authorized_keys'. In this file, paste the public RSA key as a single line. There should not be any line breaks. Press 'Esc' and type ':wq' to write and quit.
We can check the permissions of the 'authorized_keys' file. They will be '-rw-rw-r--'. This allows read/write powers to the owner and group, and read powers to others.
[ultrascan3@uslims .ssh]$ ls -l
We need to change it to read/write powers for the owner only.
[ultrascan3@uslims .ssh]$ chmod 600 authorized_keys
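The single-line and permission requirements above can be checked before the first login attempt. The following is an added example, not part of the original instructions or of the USiaB tooling; the function name check_authorized_keys and the sample key line are constructed for illustration, and it assumes a Linux server with ls, cut, base64 and dd available.

```sh
#!/bin/sh
# Constructed sample line: structurally valid blob, not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAABAQ== sample-not-a-real-key'

# check_authorized_keys FILE: print one finding per problem, status 0 if none.
# The body is a subshell, so its variables do not leak into the caller.
check_authorized_keys() (
    f=$1; bad=0; n=0
    [ -f "$f" ] || { echo "$f: not a regular file"; exit 2; }
    # sshd's StrictModes (on by default) ignores a file that group or
    # others can write to, e.g. the '-rw-rw-r--' seen before chmod 600.
    case $(ls -ld -- "$f" | cut -c1-10) in
        ?????w*|????????w*) echo "$f: group/other writable, chmod 600"; bad=1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        type=''; blob=''
        set -f; set -- $line; set +f    # split into fields, no globbing
        while [ $# -gt 1 ]; do          # options may precede the key type
            case $1 in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) type=$1; blob=$2; break ;;
            esac
            shift
        done
        if [ -z "$type" ]; then
            echo "$f:$n: no key type, key wrapped across lines?"; bad=1
            continue
        fi
        # A key blob begins with a 4-byte length, then the key type name.
        inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
                dd bs=1 skip=4 count="${#type}" 2>/dev/null)
        [ "$inner" = "$type" ] || { echo "$f:$n: damaged $type blob"; bad=1; }
    done < "$f"
    exit "$bad"
)

# Demo on a scratch copy: mode 664 as in the walkthrough, then 600.
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_KEY" > "$demo/authorized_keys"
chmod 664 "$demo/authorized_keys"
check_authorized_keys "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
check_authorized_keys "$demo/authorized_keys" && echo "authorized_keys looks sane"
rm -rf "$demo"
```

This is a structural check only; for an authoritative parse, 'ssh-keygen -l -f authorized_keys' prints the fingerprint of every key it can read.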
Setting up the ssh VNC tunnel on the client computer
Now we can check to see if the VNC is active and running. Note the vnc port and numerical port.
[ultrascan3@uslims ~]$ sudo vncctl status
On the client computer, open the command shell. Since this is the first connection, there will be warnings.
C:\Users\ultrascan3> ssh ultrascan3@uslims.uleth.ca
The authenticity of host 'ultrascan3@uslims.uleth.ca (142.66.17.10)' can't be established.
ECDSA key fingerprint is SHA256:etc.
Are you sure you want to continue connecting (yes/no)? {yes}
Warning: Permanently adding 'uslims.uleth.ca,142.66.17.10' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket
Last Login: Fri Aug 20
Now we have access to the new user's account on the USiaB server. Next, we can tunnel the VNC connection to our local host. The options '-NCL' tell ssh not to run a remote command (-N), to compress the connection (-C), and to create a forward tunnel (-L) between the following ports, with the local port number coming first.
C:\Users\ultrascan3> ssh -NCL 5901:localhost:5926 ultrascan3@uslims.uleth.ca
Logging into VNC from the client computer
Download a VNC viewer. For Windows 10, use TightVNC. Download the application and install it. Make sure to change the settings to include the viewer only; the server is not necessary.
Open the viewer. The remote host will be 'localhost:1'. Enter the new user's password to enter the VNC.
UltraScan Desktop Software
Registering the UltraScan desktop software
Register for the UltraScan III software. An email will be sent to confirm your registration request. Once the email is confirmed, click finish registration. Close and reopen UltraScan.
Connecting UltraScan to the LIMS account
Now transfer the registration information from LIMS to UltraScan (US). In US, go to Edit: Preferences. Change to database, not local disk, set the password, and set any other preferences. In the database preferences, add a new instance with the database description CCH. Open the LIMS account and copy over the information from "database login info". Click "Test database connectivity" and, if it is successful, save. This completes the configuration.
In US: Database: Manage Investigator you can see if it has worked.