SSH Key Authentication: Difference between revisions
(9 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
These instructions assist | == SSH Key Generation == | ||
These instructions assist new Cheaha users to access the cluster using an SSH client. | |||
===Mac OS X=== | ===Mac OS X=== | ||
Line 29: | Line 29: | ||
* Open the file by running '''less .ssh/id_rsa.pub''' and copy the content. | * Open the file by running '''less .ssh/id_rsa.pub''' and copy the content. | ||
* Press '''q''' to exit out of the file. | * Press '''q''' to exit out of the file. | ||
* Now SSH to your '''cheaha. | * Now SSH to your '''cheaha.rc.uab.edu''' account , and paste the content in '''~/.ssh/authorized_keys''' using your favorite editor. | ||
* Now '''log out''' from cheaha. | * Now '''log out''' from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in. | ||
'''Note:''' You need to perform these steps just for the first time access, you should be able to directly run '''ssh blazerid@cheaha.rc.uab.edu''' from next time. | '''Note:''' You need to perform these steps just for the first time access, you should be able to directly run '''ssh blazerid@cheaha.rc.uab.edu''' from next time. | ||
===Windows=== | ===Windows=== | ||
Line 44: | Line 38: | ||
====Putty==== | ====Putty==== | ||
You | You will require a tool called '''puttygen''', to generate SSH keys for the pairing purpose. You can download it [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html here]. Once you have downloaded and installed '''putty''' and '''puttygen''', follow these instructions: | ||
* Launch PuTTY Key Generator. | * Launch PuTTY Key Generator. | ||
* Click the Generate button and press a series of random keystrokes to aid in generating the key. | |||
* | |||
* Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields. | * Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields. | ||
* Save the public and private keys by clicking the Save public key and Save private key buttons. | * Save the public and private keys by clicking the Save public key and Save private key buttons. | ||
* Right click the filed '''Public key for pasting into OpenSSH authorized_keys file''', choose '''Select All''', right click again and select Copy | |||
* | |||
* Now open application '''Putty'''. | * Now open application '''Putty'''. | ||
* Set up your session for '''cheaha.rc.uab.edu''' in PuTTy. (If you don't know how, follow these [https://docs.uabgrid.uab.edu/wiki/Cheaha_GettingStarted#PuTTY instructions]). | |||
* Set up your session for ''' | |||
* Login to your Cheaha account. | * Login to your Cheaha account. | ||
* Paste the content of the '''Public key''' that you previously copied to the clip board in '''Puttygen''' into the '''~/.ssh/authorized_keys''' file using your favorite editor. | |||
* Paste the content of the '''Public key''' that you | |||
* Now select your saved session for '''cheaha.rc.uab.edu'''. | * Now select your saved session for '''cheaha.rc.uab.edu'''. | ||
* Click '''Connection > SSH > Auth''' in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication. | * Click '''Connection > SSH > Auth''' in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication. | ||
* Navigate to the location where you saved your private key earlier, select the file, and click Open. | * Navigate to the location where you saved your private key earlier, select the file, and click Open. | ||
* The private key path is now displayed in the Private key file for authentication field. | * The private key path is now displayed in the Private key file for authentication field. | ||
* Click Session in the left-hand navigation pane and click '''Save''' in the Load, save or delete a stored session section. | * Click Session in the left-hand navigation pane and click '''Save''' in the Load, save or delete a stored session section. | ||
* Click Open to begin your session with the server. You shouldn't see a prompt for password and be directly logged in. | |||
* Click Open to begin your session with the server. | |||
'''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | '''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | ||
====SSH Secure Shell Client==== | ====SSH Secure Shell Client==== | ||
Line 120: | Line 74: | ||
* At the '''Settings''' screen, click '''OK'''. | * At the '''Settings''' screen, click '''OK'''. | ||
* Copy the content of .pub file generated. | * Copy the content of .pub file generated. | ||
* Now SSH to your '''cheaha. | * Now SSH to your '''cheaha.rc.uab.edu''' account, following the instructions [https://docs.uabgrid.uab.edu/wiki/Cheaha_GettingStarted#SSH_Secure_Shell_Client here] , and paste the content in '''~/.ssh/authorized_keys''' using your favorite editor. | ||
* Now '''exit/logout''' from your account on '''cheaha.uabgrid.uab.edu''' | * Now '''exit/logout''' from your account on '''cheaha.uabgrid.uab.edu''' and login again. You shouldn't see a prompt for password and be directly logged in. | ||
'''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | '''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | ||
== SSH Passphrases == | |||
It is highly recommended that users protect their SSH key by using a passphrase (see above for SSH key generation instructions). This section explains how to use the '''ssh-add''' command to avoid having to type your passphrase each time you use SSH to connect to Cheaha. | |||
=== Linux and Mac === | |||
Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an ''if statement'' to avoid starting more than one '''ssh-agent''', you only need one! | |||
<pre> | |||
if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi | |||
</pre> | |||
The run the ssh-add command to load your SSH key (if you have multiple keys you can specify the specific key to use by providing the path and file name: '''ssh-add ~/.ssh/id_rsa''') | |||
<pre> | |||
ssh-add | |||
</pre> | |||
You can list the SSH public keys that are currently represented by the agent by running this command. | |||
<pre> | |||
ssh-add -L | |||
</pre> | |||
Enter your private key passphrase. Now your passphrase is stored and you'll be able to SSH to Cheaha without being prompted for the passphrase. | |||
<pre> | |||
ssh cheaha.rc.uab.edu | |||
</pre> |
Latest revision as of 15:29, 28 May 2020
SSH Key Generation
These instructions assist new Cheaha users to access the cluster using an SSH client.
Mac OS X
- On your Mac open Terminal application.
- Run the following command on your terminal:
ssh-keygen -t rsa
- You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
- A id_rsa.pub file would have been created.
- Open the file by running less .ssh/id_rsa.pub and copy the content.
- Press q to exit out of the file.
- Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
- Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.
Linux
- On your linux machine open Terminal application.
- Run the following command on your terminal:
ssh-keygen -t rsa
- You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
- A id_rsa.pub file would have been created.
- Open the file by running less .ssh/id_rsa.pub and copy the content.
- Press q to exit out of the file.
- Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
- Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.
Windows
Putty
You will require a tool called puttygen, to generate SSH keys for the pairing purpose. You can download it here. Once you have downloaded and installed putty and puttygen, follow these instructions:
- Launch PuTTY Key Generator.
- Click the Generate button and press a series of random keystrokes to aid in generating the key.
- Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields.
- Save the public and private keys by clicking the Save public key and Save private key buttons.
- Right click the filed Public key for pasting into OpenSSH authorized_keys file, choose Select All, right click again and select Copy
- Now open application Putty.
- Set up your session for cheaha.rc.uab.edu in PuTTy. (If you don't know how, follow these instructions).
- Login to your Cheaha account.
- Paste the content of the Public key that you previously copied to the clip board in Puttygen into the ~/.ssh/authorized_keys file using your favorite editor.
- Now select your saved session for cheaha.rc.uab.edu.
- Click Connection > SSH > Auth in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication.
- Navigate to the location where you saved your private key earlier, select the file, and click Open.
- The private key path is now displayed in the Private key file for authentication field.
- Click Session in the left-hand navigation pane and click Save in the Load, save or delete a stored session section.
- Click Open to begin your session with the server. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.
SSH Secure Shell Client
- In SSH Secure Shell, from the Edit menu, select Settings...
- In the window that opens, select Global Settings, then User Authentication, and then Keys.
- Under "Key pair management", click Generate New.... In the window that appears, click Next.
- In the Key Generation window that appears:
- From the drop-down list next to Key Type:, select from the following:
- If you want to take less time to initially generate the key, select DSA.
- If you want to take less time during each connection for the server to verify your key, select RSA.
- From the the drop-down list next to Key Length:, select at least 1024. You may choose a greater key length, but the time it takes to generate the key, as well as the time it takes to authenticate using it, will go up.
- From the drop-down list next to Key Type:, select from the following:
- Click Next. The key generation process will start. When it's complete, click Next again.
- In the File Name: field, enter a name for the file where SSH Secure Shell will store your private key. Your public key will be stored in a file with the same name, plus a .pub extension.
- Important: You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
- To complete the key generation process, click Next, and then Finish.
- At the Settings screen, click OK.
- Copy the content of .pub file generated.
- Now SSH to your cheaha.rc.uab.edu account, following the instructions here , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
- Now exit/logout from your account on cheaha.uabgrid.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.
SSH Passphrases
It is highly recommended that users protect their SSH key by using a passphrase (see above for SSH key generation instructions). This section explains how to use the ssh-add command to avoid having to type your passphrase each time you use SSH to connect to Cheaha.
Linux and Mac
Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an if statement to avoid starting more than one ssh-agent, you only need one!
if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi
The run the ssh-add command to load your SSH key (if you have multiple keys you can specify the specific key to use by providing the path and file name: ssh-add ~/.ssh/id_rsa)
ssh-add
You can list the SSH public keys that are currently represented by the agent by running this command.
ssh-add -L
Enter your private key passphrase. Now your passphrase is stored and you'll be able to SSH to Cheaha without being prompted for the passphrase.
ssh cheaha.rc.uab.edu