Skip to content

How to install the client-side components#

Packages are available for the majority of linux distributions from our KIT repo server.

Some of these packages are available for Mac (via homebrew), too.

Windows ssh-client users have reported to be happy with WSL.

The examples show the installation with debian based systems. We are confident that you are smart enought to install the same package using yum, or zypper. ;)

1. Configure Repository#

Follow the instruction at our repo server at https://repo.data.kit.edu

2. Install packages#

You need oinit, we also recommend oidc-agent.

apt install oinit oidc-agent

You need mccli, we also recommend oidc-agent.

####
# as an admin:
apt install oidc-agent pipx

####
# as a user:
pipx install mccli

3. Configure oidc-agent#

In case no oidc-agent account is yet installed, do so now. This command will guide you through an interactive process for creating an oidc-agent configuration:

oidc-gen --pub

Find more help at https://indigo-dc.gitbook.io/oidc-agent/user/oidc-gen

4. Log in#

3.1: Configure ssh to use oinit for a specific host (only once per remote host): 

oinit add ssh-oidc-web.data.kit.edu
3.2: Actually log in. 
ssh ssh-oidc-web.data.kit.edu
You will be prompted for which OIDC provider you want to use, unless you provide the OIDC Access Token in an environment variable (e.g. $ACCESS_TOKEN), or any other well known way.

Use a slightly modified ssh commandline: 

mccli --oidc <oidc-agent-shortname> ssh ssh-oidc-web.data.kit.edu
Here you need to know the oidc-agent shortname that corresponds to the oidc agent configuration in use. Instead you could also provide the OIDC Access Token in an environment variable (e.g. $ACCESS_TOKEN), or any other well known way.