Help:Access to Toolforge instances with PuTTY and WinSCP

Toolforge


Toolforge technical documentation Toolforge administrator documentation Help and communication List of tools Terms and conditions Glossary Technical documentation resources
Getting started Cloud VPS and Toolforge at a glance About Toolforge Toolforge quickstart guide How-tos, tutorials and walkthroughs Create a Wikimedia developer account Access Toolforge instances with PuTTY and WinSCP Troubleshooting Toolforge
Developing tools Tool accounts Developing successful tools Develop Mono/.NET tools and bots Develop tools in Java Develop tools in Python Develop tools using Pywikibot framework Web servers for tools (Kubernetes) Grid engine
Additional documentation Version control in Toolforge Elasticsearch for Toolforge Redis for Toolforge Dumps and Toolforge Database
v · d · e

Overview

This page documents Single-click solutions for accessing your Toolforge instances using PuTTY and WinSCP. For other Cloud VPS project than Tools, instructions differ.

With the correct settings, a single click shell connection or file transfer is possible, and no command line input trouble is needed.

Prerequisites

Information:

USERNAME: your shell username on wikitech and Toolforge (you may find it at Special:Preferences)
PATH-TO-YOUR-PRIVATE-KEY: the path and name of your private key file on your local system

Programs:

PuTTY
WinSCP
plink.exe (part of PuTTY suite)
Pageant (PuTTY authentication agent, part of both the PuTTY and WinSCP suites)

How to set up PuTTY for direct access to your Toolforge account

You are likely going to set up connections to each of the login servers:

Make sure private key is compatible with putty. Sometimes you need to convert it using puttygen or generate keys in PuTTY.

The remaining configuration options are identical for all login servers. Of course, you may prefer screen and scroll buffer sizes of your choice:

Adding a keep-alive time will prevent your connection from dropping when inactive.

In order to start the webservice, input the following commands:

$ become PROJECT-NAME
$ mkdir public_html
$ webservice start

Use webservice --help to get a full list of arguments.

How to set up WinSCP for direct access to your Toolforge account

With WinSCP you must setup a site pointing to the adequate hostname and change the advanced settings to use your private key file on the authentication tab.

Your project is located in the folder:
/data/project/PROJECT-NAME

Switch to the tool account by giving the protocol option:
sudo -u tools.PROJECT-NAME /usr/lib/sftp-server

Enter the path to your private key

Troubleshooting permissions errors

Sometimes the file system permissions on the tool's directory (/data/project/$TOOL) can get messed up and be missing the group write permission. You can check the current permissions by logging into a bastion and showing the directory:

$ ssh login.toolforge.org
$ ls -ld /data/project/bd808-test
drwxrwsr-x 7 tools.bd808-test tools.bd808-test 4096 Jul 19 15:07 /data/project/bd808-test/

The "drwxrwsr-x" section in the output above is the directory permissions. Each letter tells you something about the permissions mask on the file system:

"d" - this is a directory.
"rwx" - These are the permissions for the directory's owning user. "r" - read, "w" - write, "x" - eXecute.
"rws" - These are the permissions for the directory's owning group. "r" - read, "w" - write, "s" - sticky. Sticky implies execute and also attempts to set the same group ownership on all new files and directories created inside the directory.
"r-x" - These are the permissions for "other" users (users who are not the owner or in the owning group). The "-" means that other users cannot write to this directory.

Your user should be a member of the owning group for the directory. When you cannot upload files the problem is often that the "w" write permission is missing for the group on either the tool's directory itself or on a subdirectory or file that you are trying to change. Fixing that is as easy as logging into a bastion, becoming the tool, and changing the permissions:

$ ssh login.toolforge.org
$ become $MY_TOOL
$ chmod -R g+w /data/project/$MY_TOOL
# Recusively grant write permission to the group on all files and directories.

FileZilla

You may also like to use FileZilla for managing files in the remote directory. FileZilla supports SFTP and Putty SSH keys and can be configured with the same configuration settings as above for WinScp. See this link for how to put your SSH key to FileZilla. But FileZilla lacks the feature of on-login "sudo" SSH command unfortunately. So, you'll stay without "become PROJECT-NAME" forever and your experience won't be very comfortable. There's an issue at FileZilla support site.

References

Help:Putty

Communication and support

We communicate and provide support through several primary channels. Please reach out with questions and to join the conversation.

Communicate with us
	Connect	Best for
Phabricator Workboard	#Cloud-Services	Task tracking and bug reporting
IRC Channel	#wikimedia-cloud ^connect	General discussion and support
Mailing List	cloud@	Information about ongoing initiatives, general discussion and support
Announcement emails	cloud-announce@	Information about critical changes (all messages mirrored to cloud@)
News wiki page	News	Information about major near-term plans
Cloud Services Blog	Clouds & Unicorns	Learning more details about some of our work
Wikimedia Technology Blog	techblog.wikimedia.org	News and stories from the Wikimedia technical movement

Help:Access to Toolforge instances with PuTTY and WinSCP

Contents