SFS

We use SFS to provide a secure distributed filesystem. Both emulab classic nodes and widearea netbed nodes in your experiments can be accessed via the SFS filesystem, either from users.emulab.net or from any machine you have access to that is running the SFS client software. Further, you can access any node in your experiment from any other node in your experiment, all via the /sfs/netbed directory.

When your Emulab account is created, we create an SFS public/private key pair for you and store the public part in our database. Your private key is stored in your ~/.sfs directory, and just like your Emulab generated SSH key, there is no passphrase protecting your SFS key; you should not reuse this key anywhere else. It is fine to copy this private key back to your home machine, but only if your home machine is secure and your home directory is not NFS mounted on a public network! This will allow you to access your experimental nodes without having to first log into users.emulab.net. Either way, accessing your experimental nodes is easy. When you are logged into users.emulab.net:

	sfsagent
	cd /sfs/netbed/nodeA.myexp.mypid

If instead you have copied your emulab private key to your home machine, and have added it to your agent, then you can add the following certprog to your agent:

	sfskey certprog -p netbed dirsearch \
	  /sfs/ops.emulab.net:eu7f8hmfpxk54t4uqdhpkhy7qtwqx7fn/q/proj/.sfs
	cd /sfs/netbed/nodeA.myexp.mypid

As with SSH public keys, we distribute SFS public keys to all of the nodes in your experiment (for all of the users in your project or group). This allows anyone in your project to access the fileystems on all of the experimental nodes. Further, when your experimental nodes boot for the first time, a new SFS host key is generated and passed back to ops.emulab.net. These host keys are used to generate the /sfs/netbed directory so that you see the same view of your nodes, no matter where you are logged in.

You can also use the SFS rex program to log into your nodes (or to users.emulab.net). Rex is the SFS equivalent of SSH; once you have started your SFS agent, rex will forward your private keys, much like SSH forwards your private keys when you use it to log in to another node. To log into one of your experimental nodes with rex:

	sfsagent
	rex -x /sfs/netbed/nodeA.myexp.mypid

To rex into users.emulab.net:

	sfsagent
	rex -x /sfs/netbed/users.emulab.net

As with SSH keys, you may also upload the public parts of your own SFS keys. We store those public keys in our database, and distribute them to all of the nodes in your experiments. This is better and safer than copying the Emulab generated key back to your home machine, since generally your own keys are passphrase protected and secure from theft when on a (semi)public network. You may add and delete SFS public keys from your user profile by going to the Update User Information page.