Namespaces

Variants
Actions
Personal tools

SSH Key Authentication

From UABgrid Documentation

(Difference between revisions)
Jump to: navigation, search
(SSH Passphrases)
(Linux and Mac)
 
Line 83: Line 83:
  
 
=== Linux and Mac ===
 
=== Linux and Mac ===
Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an if statement to avoid starting more than one '''ssh-agent''', you only need one!
+
Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an ''if statement'' to avoid starting more than one '''ssh-agent''', you only need one!
 
<pre>
 
<pre>
 
if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi
 
if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi

Latest revision as of 09:29, 28 May 2020

Contents

[edit] SSH Key Generation

These instructions assist new Cheaha users to access the cluster using an SSH client.

[edit] Mac OS X

  • On your Mac open Terminal application.
  • Run the following command on your terminal:
ssh-keygen -t rsa
  • You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
  • A id_rsa.pub file would have been created.
  • Open the file by running less .ssh/id_rsa.pub and copy the content.
  • Press q to exit out of the file.
  • Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
  • Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.

[edit] Linux

  • On your linux machine open Terminal application.
  • Run the following command on your terminal:
ssh-keygen -t rsa
  • You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
  • A id_rsa.pub file would have been created.
  • Open the file by running less .ssh/id_rsa.pub and copy the content.
  • Press q to exit out of the file.
  • Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
  • Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.

[edit] Windows

[edit] Putty

You will require a tool called puttygen, to generate SSH keys for the pairing purpose. You can download it here. Once you have downloaded and installed putty and puttygen, follow these instructions:

  • Launch PuTTY Key Generator.
  • Click the Generate button and press a series of random keystrokes to aid in generating the key.
  • Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields.
  • Save the public and private keys by clicking the Save public key and Save private key buttons.
  • Right click the filed Public key for pasting into OpenSSH authorized_keys file, choose Select All, right click again and select Copy
  • Now open application Putty.
  • Set up your session for cheaha.rc.uab.edu in PuTTy. (If you don't know how, follow these instructions).
  • Login to your Cheaha account.
  • Paste the content of the Public key that you previously copied to the clip board in Puttygen into the ~/.ssh/authorized_keys file using your favorite editor.
  • Now select your saved session for cheaha.rc.uab.edu.
  • Click Connection > SSH > Auth in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication.
  • Navigate to the location where you saved your private key earlier, select the file, and click Open.
  • The private key path is now displayed in the Private key file for authentication field.
  • Click Session in the left-hand navigation pane and click Save in the Load, save or delete a stored session section.
  • Click Open to begin your session with the server. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.

[edit] SSH Secure Shell Client

  • In SSH Secure Shell, from the Edit menu, select Settings...
  • In the window that opens, select Global Settings, then User Authentication, and then Keys.
  • Under "Key pair management", click Generate New.... In the window that appears, click Next.
  • In the Key Generation window that appears:
    • From the drop-down list next to Key Type:, select from the following:
      • If you want to take less time to initially generate the key, select DSA.
      • If you want to take less time during each connection for the server to verify your key, select RSA.
    • From the the drop-down list next to Key Length:, select at least 1024. You may choose a greater key length, but the time it takes to generate the key, as well as the time it takes to authenticate using it, will go up.
  • Click Next. The key generation process will start. When it's complete, click Next again.
  • In the File Name: field, enter a name for the file where SSH Secure Shell will store your private key. Your public key will be stored in a file with the same name, plus a .pub extension.
    • Important: You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
  • To complete the key generation process, click Next, and then Finish.
  • At the Settings screen, click OK.
  • Copy the content of .pub file generated.
  • Now SSH to your cheaha.rc.uab.edu account, following the instructions here , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
  • Now exit/logout from your account on cheaha.uabgrid.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.

[edit] SSH Passphrases

It is highly recommended that users protect their SSH key by using a passphrase (see above for SSH key generation instructions). This section explains how to use the ssh-add command to avoid having to type your passphrase each time you use SSH to connect to Cheaha.

[edit] Linux and Mac

Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an if statement to avoid starting more than one ssh-agent, you only need one!

if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi

The run the ssh-add command to load your SSH key (if you have multiple keys you can specify the specific key to use by providing the path and file name: ssh-add ~/.ssh/id_rsa)

ssh-add

You can list the SSH public keys that are currently represented by the agent by running this command.

ssh-add -L

Enter your private key passphrase. Now your passphrase is stored and you'll be able to SSH to Cheaha without being prompted for the passphrase.

ssh cheaha.rc.uab.edu