SSH Key Authentication
From UABgrid Documentation
(Difference between revisions)
(→Linux) |
(→Linux and Mac) |
||
| (8 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | These instructions assist | + | == SSH Key Generation == |
| − | + | These instructions assist new Cheaha users to access the cluster using an SSH client. | |
===Mac OS X=== | ===Mac OS X=== | ||
| Line 38: | Line 38: | ||
====Putty==== | ====Putty==== | ||
| − | You | + | You will require a tool called '''puttygen''', to generate SSH keys for the pairing purpose. You can download it [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html here]. Once you have downloaded and installed '''putty''' and '''puttygen''', follow these instructions: |
* Launch PuTTY Key Generator. | * Launch PuTTY Key Generator. | ||
| − | + | * Click the Generate button and press a series of random keystrokes to aid in generating the key. | |
| − | * | + | |
| − | + | ||
* Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields. | * Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields. | ||
| − | |||
* Save the public and private keys by clicking the Save public key and Save private key buttons. | * Save the public and private keys by clicking the Save public key and Save private key buttons. | ||
| − | + | * Right click the filed '''Public key for pasting into OpenSSH authorized_keys file''', choose '''Select All''', right click again and select Copy | |
| − | * | + | |
| − | + | ||
| − | + | ||
| − | + | ||
* Now open application '''Putty'''. | * Now open application '''Putty'''. | ||
| − | + | * Set up your session for '''cheaha.rc.uab.edu''' in PuTTy. (If you don't know how, follow these [https://docs.uabgrid.uab.edu/wiki/Cheaha_GettingStarted#PuTTY instructions]). | |
| − | * Set up your session for ''' | + | |
| − | + | ||
* Login to your Cheaha account. | * Login to your Cheaha account. | ||
| − | + | * Paste the content of the '''Public key''' that you previously copied to the clip board in '''Puttygen''' into the '''~/.ssh/authorized_keys''' file using your favorite editor. | |
| − | * Paste the content of the '''Public key''' that you | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
* Now select your saved session for '''cheaha.rc.uab.edu'''. | * Now select your saved session for '''cheaha.rc.uab.edu'''. | ||
| − | |||
* Click '''Connection > SSH > Auth''' in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication. | * Click '''Connection > SSH > Auth''' in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication. | ||
| − | |||
* Navigate to the location where you saved your private key earlier, select the file, and click Open. | * Navigate to the location where you saved your private key earlier, select the file, and click Open. | ||
| − | |||
* The private key path is now displayed in the Private key file for authentication field. | * The private key path is now displayed in the Private key file for authentication field. | ||
| − | |||
* Click Session in the left-hand navigation pane and click '''Save''' in the Load, save or delete a stored session section. | * Click Session in the left-hand navigation pane and click '''Save''' in the Load, save or delete a stored session section. | ||
| − | + | * Click Open to begin your session with the server. You shouldn't see a prompt for password and be directly logged in. | |
| − | * Click Open to begin your session with the server. | + | |
'''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | '''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | ||
| − | |||
| − | |||
====SSH Secure Shell Client==== | ====SSH Secure Shell Client==== | ||
| Line 114: | Line 74: | ||
* At the '''Settings''' screen, click '''OK'''. | * At the '''Settings''' screen, click '''OK'''. | ||
* Copy the content of .pub file generated. | * Copy the content of .pub file generated. | ||
| − | * Now SSH to your '''cheaha. | + | * Now SSH to your '''cheaha.rc.uab.edu''' account, following the instructions [https://docs.uabgrid.uab.edu/wiki/Cheaha_GettingStarted#SSH_Secure_Shell_Client here] , and paste the content in '''~/.ssh/authorized_keys''' using your favorite editor. |
| − | * Now '''exit/logout''' from your account on '''cheaha.uabgrid.uab.edu''' | + | * Now '''exit/logout''' from your account on '''cheaha.uabgrid.uab.edu''' and login again. You shouldn't see a prompt for password and be directly logged in. |
| − | + | ||
| − | + | ||
'''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | '''Note:''' You need to perform these steps just for the first time access, you should be able to directly run your '''cheaha.rc.uab.edu''' profile from next time. | ||
| + | |||
| + | == SSH Passphrases == | ||
| + | It is highly recommended that users protect their SSH key by using a passphrase (see above for SSH key generation instructions). This section explains how to use the '''ssh-add''' command to avoid having to type your passphrase each time you use SSH to connect to Cheaha. | ||
| + | |||
| + | === Linux and Mac === | ||
| + | Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an ''if statement'' to avoid starting more than one '''ssh-agent''', you only need one! | ||
| + | <pre> | ||
| + | if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi | ||
| + | </pre> | ||
| + | |||
| + | The run the ssh-add command to load your SSH key (if you have multiple keys you can specify the specific key to use by providing the path and file name: '''ssh-add ~/.ssh/id_rsa''') | ||
| + | <pre> | ||
| + | ssh-add | ||
| + | </pre> | ||
| + | |||
| + | You can list the SSH public keys that are currently represented by the agent by running this command. | ||
| + | <pre> | ||
| + | ssh-add -L | ||
| + | </pre> | ||
| + | |||
| + | Enter your private key passphrase. Now your passphrase is stored and you'll be able to SSH to Cheaha without being prompted for the passphrase. | ||
| + | <pre> | ||
| + | ssh cheaha.rc.uab.edu | ||
| + | </pre> | ||
Latest revision as of 10:29, 28 May 2020
Contents |
[edit] SSH Key Generation
These instructions assist new Cheaha users to access the cluster using an SSH client.
[edit] Mac OS X
- On your Mac open Terminal application.
- Run the following command on your terminal:
ssh-keygen -t rsa
- You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
- A id_rsa.pub file would have been created.
- Open the file by running less .ssh/id_rsa.pub and copy the content.
- Press q to exit out of the file.
- Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
- Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.
[edit] Linux
- On your linux machine open Terminal application.
- Run the following command on your terminal:
ssh-keygen -t rsa
- You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
- A id_rsa.pub file would have been created.
- Open the file by running less .ssh/id_rsa.pub and copy the content.
- Press q to exit out of the file.
- Now SSH to your cheaha.rc.uab.edu account , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
- Now log out from cheaha.rc.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run ssh blazerid@cheaha.rc.uab.edu from next time.
[edit] Windows
[edit] Putty
You will require a tool called puttygen, to generate SSH keys for the pairing purpose. You can download it here. Once you have downloaded and installed putty and puttygen, follow these instructions:
- Launch PuTTY Key Generator.
- Click the Generate button and press a series of random keystrokes to aid in generating the key.
- Enter a unique key passphrase in the Key passphrase and Confirm passphrase fields.
- Save the public and private keys by clicking the Save public key and Save private key buttons.
- Right click the filed Public key for pasting into OpenSSH authorized_keys file, choose Select All, right click again and select Copy
- Now open application Putty.
- Set up your session for cheaha.rc.uab.edu in PuTTy. (If you don't know how, follow these instructions).
- Login to your Cheaha account.
- Paste the content of the Public key that you previously copied to the clip board in Puttygen into the ~/.ssh/authorized_keys file using your favorite editor.
- Now select your saved session for cheaha.rc.uab.edu.
- Click Connection > SSH > Auth in the left-hand navigation pane and configure the private key to use by clicking Browse under Private key file for authentication.
- Navigate to the location where you saved your private key earlier, select the file, and click Open.
- The private key path is now displayed in the Private key file for authentication field.
- Click Session in the left-hand navigation pane and click Save in the Load, save or delete a stored session section.
- Click Open to begin your session with the server. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.
[edit] SSH Secure Shell Client
- In SSH Secure Shell, from the Edit menu, select Settings...
- In the window that opens, select Global Settings, then User Authentication, and then Keys.
- Under "Key pair management", click Generate New.... In the window that appears, click Next.
- In the Key Generation window that appears:
- From the drop-down list next to Key Type:, select from the following:
- If you want to take less time to initially generate the key, select DSA.
- If you want to take less time during each connection for the server to verify your key, select RSA.
- From the the drop-down list next to Key Length:, select at least 1024. You may choose a greater key length, but the time it takes to generate the key, as well as the time it takes to authenticate using it, will go up.
- From the drop-down list next to Key Type:, select from the following:
- Click Next. The key generation process will start. When it's complete, click Next again.
- In the File Name: field, enter a name for the file where SSH Secure Shell will store your private key. Your public key will be stored in a file with the same name, plus a .pub extension.
- Important: You can put a passphrase for your SSH key ( Not mandatory but highly recommended)
- To complete the key generation process, click Next, and then Finish.
- At the Settings screen, click OK.
- Copy the content of .pub file generated.
- Now SSH to your cheaha.rc.uab.edu account, following the instructions here , and paste the content in ~/.ssh/authorized_keys using your favorite editor.
- Now exit/logout from your account on cheaha.uabgrid.uab.edu and login again. You shouldn't see a prompt for password and be directly logged in.
Note: You need to perform these steps just for the first time access, you should be able to directly run your cheaha.rc.uab.edu profile from next time.
[edit] SSH Passphrases
It is highly recommended that users protect their SSH key by using a passphrase (see above for SSH key generation instructions). This section explains how to use the ssh-add command to avoid having to type your passphrase each time you use SSH to connect to Cheaha.
[edit] Linux and Mac
Open the terminal application and run the following command (make sure to use the backtick (`) not single quotes (')). We wrap this inside of an if statement to avoid starting more than one ssh-agent, you only need one!
if [[ "$(pgrep -U $USER ssh-agent)" == "" ]]; then eval `ssh-agent`; fi
The run the ssh-add command to load your SSH key (if you have multiple keys you can specify the specific key to use by providing the path and file name: ssh-add ~/.ssh/id_rsa)
ssh-add
You can list the SSH public keys that are currently represented by the agent by running this command.
ssh-add -L
Enter your private key passphrase. Now your passphrase is stored and you'll be able to SSH to Cheaha without being prompted for the passphrase.
ssh cheaha.rc.uab.edu
