Skip to main content

Accessing the AFS from home

Forge's AFS is accessible from outside the school's network using the SSH Gate.

Setup

Add the following to your SSH config (~/.ssh/config):

Host ssh.cri.epita.fr
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
info

For NixOS users: since 24.11, OpenSSH is now compiled without GSSAPI support, which means you won't be able to connect to the SSH gate with the regular package.

To fix this change the package used by programs.ssh:

programs.ssh.pacakge = pkgs.openssh_gssapi;

Procedure

Run kinit -f login@CRI.EPITA.FR (replace login with your login) and type in your Forge password when asked.

Browse interactively your AFS

Run sftp login@ssh.cri.epita.fr, (replace login with your login) a SFTP prompt should show up. You can refer to the sftp(1) man page to get familiar with the tool.

If your login is xavier.login, your files are located in /afs/cri.epita.fr/user/x/xa/xavier.login/u/.

$ sftp xavier.login@ssh.cri.epita.fr
Connected to ssh.cri.epita.fr.
sftp> cd /afs/cri.epita.fr/user/x/xa/xavier.login/u/
sftp> ls -la
drwxr-xr-x    3 xavier.login 8000         2048 Sep 14 05:55 .
drwxrwxrwx    3 xavier.login 8000         2048 Sep 14  2017 ..
drwxr-xr-x    9 xavier.login 8000         2048 Oct 29 23:55 .confs

If you get a Permission denied error when trying to access to your files, you very likely made a mistake in your setup. Make sure you did not connect using your SSH Agent or through your SSH keys.

Mounting the AFS

You can also mount the AFS to your Linux system in a very similar way as it is done at school.

This can be done using the following commands:

mkdir -p afs
sshfs -o reconnect login@ssh.cri.epita.fr:/afs/cri.epita.fr/user/x/xa/xavier.login/u/ afs
warning

The files will not be accessible after the Kerberos ticket expires (usually after a few days). If this happens, ask for a new ticket by running kinit -f login@CRI.EPITA.FR and unmount the afs folder by running umount afs/. You can then mount it again with the same sshfs command as previously.

info

For NixOS users: as with OpenSSH, the sshfs package is built against the regular OpenSSH without GSSAPI support. You need to override the package to use the fixed OpenSSH build with GSSAPI support:

nixpkgs.overlays = [
  (final: prev: {
    sshfs = prev.sshfs.override {
      callPackage = prev.newScope {
        openssh = pkgs.openssh_gssapi;
      };
    };
  }) 
];