Managing Project and Instance Access

Owned by Luke Edwards
Last updated: Jun 22, 2022 by Audrey Stott
2 min read

1) Project access

A PI (Principal Investigator) can use Origin to add or remove members to their project.  To do this visit - https://portal.pawsey.org.au/origin/ and go to My Account > Manage Team click on New Invite and complete details for a new "Project Admin" user.  

This will enable the user to access the dashboard (https://nimbus.pawsey.org.au/), and allow them to undertake administrative and management roles such as monitoring and managing the resources allocated to the project. From the dashboard the user can create, configure, start, stop, modify, and delete instances and storage volumes within your project.

Users do not have to be a member of the project in order to have SSH access to an instance (see below).


2) Instance access

If you’re looking to give users SSH access to an instance, you will need to append their SSH public key (which should start with "ssh-rsa" followed by a long string) to the file /home/ubuntu/.ssh/authorized_keys (make sure that you append to the file, DO NOT overwrite what is there already or you will lose access to the instance yourself).

To do this while logged in to the instance, you can simply append the public key to the authorized_keys file directly using copy and paste (e.g. nano ~/.ssh/authorized_keys then paste in the string of characters from the public key). If the public key has been transferred to your instance, the contents of the file may be appended using the following example:

cat id_rsa.pub >> ~/.ssh/authorized_keys


Alternatively, if not logged into the instance, you can run the following from a local terminal session. By default, the ssh-copy-id command appends keys to the remote user's ~/.ssh/authorized_keys file:

ssh-copy-id -i <public_key_file_to_add> ubuntu@<ip_address_of_instance>

Replace <public_key_file_to_add> with the filename of their public key file, and <ip_address_of_instance> with the IP address of your instance, for example:

ssh-copy-id -i id_rsa.pub ubuntu@146.118.64.158


Replace ubuntu with centos in the examples above if your instance was created using one of the CentOS images.


So to summarise, there are 3 levels of Nimbus access:
1. Project owner + Member, can do everything, is responsible for everything
2. Member, can do everything (given Project Access)
3. Instance user, granted access by Member after instance created