SSH Key Authentication

From Cheaha
Jump to navigation Jump to search


Attention: Research Computing Documentation has Moved
https://docs.rc.uab.edu/


Please use the new documentation url https://docs.rc.uab.edu/ for all Research Computing documentation needs.


As a result of this move, we have deprecated use of this wiki for documentation. We are providing read-only access to the content to facilitate migration of bookmarks and to serve as an historical record. All content updates should be made at the new documentation site. The original wiki will not receive further updates.

Thank you,

The Research Computing Team

SSH Key Generation

These instructions assist new Cheaha users to access the cluster using an SSH client.

Mac OS X

  • On your Mac open Terminal application.
  • Run the following command on your terminal:
ssh-keygen -t rsa
  • You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
  • A id_rsa.pub file would have been created.
  • Open the file by running less .ssh/id_rsa.pub and copy the content.
  • Press q to exit out of the file.
  • Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
  • Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.

Linux

  • On your linux machine open Terminal application.
  • Run the following command on your terminal:
ssh-keygen -t rsa
  • You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
  • A id_rsa.pub file would have been created.
  • Open the file by running less .ssh/id_rsa.pub and copy the content.
  • Press q to exit out of the file.
  • Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
  • Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.

Windows

Putty

You will require a tool called puttygen, to generate SSH keys for the pairing purpose. You can download it here. Once you have downloaded and installed putty and puttygen, follow these instructions:

  • Launch PuTTY Key Generator.
  • Click the Generate button and press a series of random keystrokes to aid in generating the key.
  • Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields.
  • Save the public and private keys by clicking the Save public key and Save private key buttons.
  • Right click the filed Public key for pasting into OpenSSH authorized_keys file, choose Select All, right click again and select Copy
  • Now open application Putty.
  • Set up your session for cheaha.rc.uab.edu in PuTTy. (If you don't know how, follow these instructions).
  • Login to your Cheaha account.
  • Paste the content of the Public key that you previously copied to the clip board in Puttygen into the ~/.ssh/authorized_keys file using your favorite editor.
  • Now select your saved session for cheaha.rc.uab.edu.
  • Click Connection > SSH > Auth in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication.
  • Navigate to the location where you saved your private key earlier, select the file, and click Open.
  • The private key path is now displayed in the Private key file for authentication field.
  • Click Session in the left-hand navigation pane and click Save in the Load, save or delete a stored session section.
  • Click Open to begin your session with the server. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.

SSH Secure Shell Client

  • In SSH Secure Shell, from the Edit menu, select Settings...
  • In the window that opens, select Global Settings, then User Authentication, and then Keys.
  • Under "Key pair management", click Generate New.... In the window that appears, click Next.
  • In the Key Generation window that appears:
    • From the drop-down list next to Key Type:, select from the following:
      • If you want to take less time to initially generate the key, select DSA.
      • If you want to take less time during each connection for the server to verify your key, select RSA.
    • From the the drop-down list next to Key Length:, select at least 1024. You may choose a greater key length, but the time it takes to generate the key, as well as the time it takes to authenticate using it, will go up.
  • Click Next. The key generation process will start. When it's complete, click Next again.
  • In the File Name: field, enter a name for the file where SSH Secure Shell will store your private key. Your public key will be stored in a file with the same name, plus a .pub extension.
    • Important: You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
  • To complete the key generation process, click Next, and then Finish.
  • At the Settings screen, click OK.
  • Copy the content of .pub file generated.
  • Now SSH to your cheaha.rc.uab.edu account, following the instructions here , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
  • Now exit/logout from your account on cheaha.uabgrid.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.

Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.

SSH Passphrases

It is highly recommended that users protect their SSH key by using a passphrase (see above for SSH key generation instructions). This section explains how to use the ssh-add command to avoid having to type your passphrase each time you use SSH to connect to Cheaha.

Linux and Mac

Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an if statement to avoid starting more than one ssh-agent, you only need one!

if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi

The run the ssh-add command to load your SSH key (if you have multiple keys you can specify the specific key to use by providing the path and file name: ssh-add ~/.ssh/id_rsa)

ssh-add

You can list the SSH public keys that are currently represented by the agent by running this command.

ssh-add -L

Enter your private key passphrase. Now your passphrase is stored and you'll be able to SSH to Cheaha without being prompted for the passphrase.

ssh cheaha.rc.uab.edu