================
First connection
================


At your **first attempt to connect** to PSMN (either from the ENS network or from outside, see figure below), you need to **strictly follow these instructions**:


The following message will appear at your first attempt to connect by :term:`SSH` to ``allo-psmn`` (or ``ssh.psmn``, then ``allo-psmn``):

.. code-block:: bash

    The authenticity of host allo-psmn.ens-lyon.fr (140.77.144.90) can not be established.
    RSA key fingerprint is xx:lots:of:caracters:ascii:xx:xx.


To the question:

.. code-block:: bash

    Are you sure you want to continue connecting (yes/no)?

answer :

.. code-block:: bash

    yes


.. figure:: /_static/synoptiques_gateways_first.png
    :alt: PSMN gateways synoptic
    :align: center
    :width: 660px

    Internal or External PSMN gateways synoptic

.. _generate_internal_psmn_ssh_keys:


Change your Password
====================

Change your password upon first connection to ``allo-psmn``.

Type ``passwd`` command and follow the instructions.

It is advisable to choose a strong password (see :ref:`strong_passphrase`) and store it in a password manager such as Keepass, Vaultwarden (`moncoffre.ens-lyon.fr <https://moncoffre.ens-lyon.fr/>`_), etc.




Generate internal PSMN SSH keys
===============================

.. IMPORTANT:: PSMN :term:`SSH` keys

    This step generates a :term:`SSH` keys pair which is needed for your work on PSMN servers: for instance, job management, which are automated process **on your behalf**, needs an automated authentication.

    These keys will be generated **without passphrase**, therefore they **MUST NOT** leave PSMN or be used for anything else: they basically provide no strong authentication.


So, the first time you connect by ssh to ``allo-psmn``, follow these instructions:

.. code-block:: bash

    ssh-keygen -t rsa

To the question:

.. code-block:: bash

    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/your_login/.ssh/id_rsa):

hit ENTER ⏎ (default answer).

To the questions:

.. code-block:: bash

    Enter passphrase (empty for no passphrase):

and

.. code-block:: bash

    Enter same passphrase again:

hit ENTER ⏎ (default answer) again.

Then, create the file ``~/.ssh/authorized_keys`` file by  typing:

.. code-block:: bash

    touch ~/.ssh/authorized_keys

and add (``>>``) your PSMN public SSH key (``id_rsa.pub``) to the ``~/.ssh/authorized_keys`` file:

.. code-block:: bash

    cat .ssh/id_rsa.pub >> ~/.ssh/authorized_keys


Define an minimal working environment 
=====================================

See our :doc:`../environment_and_tools/index` chapters.

* Define minimal ssh configuration

To automate as much as possible connections to machines and compute nodes, create the following configuration file (``~/.ssh/config``) on your "workstation":

.. code-block:: 

    Host *
      ServerAliveInterval 60
      ForwardX11Timeout 1d
      TCPKeepAlive yes
      ForwardAgent yes
      ForwardX11 yes         # for Linux
    #  ForwardX11Trusted yes # for MacOSX
      Compression yes
      StrictHostKeyChecking no
      HashKnownHosts no

You can find **a more complete file** in the chapter :ref:`Example of SSH configuration <configuration_example>`.

* vi/vim configuration file 

See our :doc:`vim chapter in editors page <../environment_and_tools/editors>`.