First, set the GLOBUS_LOCATION environment variable to the location of your GSI-enabled OpenSSH installation. It may already be set for you by your system administrator.

Then, create a proxy credential for GSI authentication by running the grid-proxy-init program. This is your single sign-on to the Grid. By default, grid-proxy-init will create a proxy credential good for 12 hours.

To create a proxy credential with a different lifetime, use the -hours option.

For example:

% grid-proxy-init -hours 8

To delete a proxy that was previously create with grid-proxy-init, run:

% grid-proxy-destroy

Before you can connect to a site, the site needs to know the identity in your certificate so that it can map that identity to your local account. At a minimum, the site will need to know your subject name from your certificate. You can get your subject name by running grid-cert-info with the -subject argument. For example:

% grid-cert-info -subject

Email your subject name to the administrator of the system you wish to connect to so that they can add your entry to the appropriate authorization files.

Once you have your proxy credential, all you should have to do is run gsissh, providing it with the hostname of the host you want to connect to. For example:

% gsissh myhost.somedomain.edu

You should then find yourself automatically logged into your account on the remote system. If something goes wrong, please see Section 5, “Troubleshooting” for assistance.

This means that your proxy certificate has expired. You need to run grid-proxy-init to acquire a new proxy certificate, then run gsissh again.

This could mean that you don't have a proxy certificate; try running grid-proxy-init and then running gsissh again. It could also mean that the GSI authentication is failing for some reason and gsissh is falling back to a different authentication mechanism. Reasons that it might fail include: