Sshkeys

From Storrs HPC Wiki
Revision as of 14:13, 14 September 2017 by Drc12003 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

SSH Keys

SSH keysare recommended as they are more secure than password-based authentication.

1. Generating the key pair

On your home computer, Generate an RSA private key using ssh-keygen (unless you have already created one). If you’re using Linux or Mac OSX, open your terminal and run the following command under your username to create a public/private keypair of the type (-t) rsa.:

$ ssh-keygen -t rsa
Generating a public/private rsa key pair.
Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).
Enter a passphrase (leave empty for no passphrase).
Enter same passphrase again:

When finished, the following message appears:

Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_sra.pub

The key fingerprint is:
ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be username@localhost

The key’s randomart image is:

+--[ RSA 2048]----+
| ..+**B.o++o     |
|  . o+==o. o     |
|    . .oo.=      |
|      . +E+ .    |
|        S .      |
|                 |
|                 |
|                 |
|                 |
+-----------------+

2. Copying the public key you just created on your home computer to the remote server

Linux

When using Linux you have two options. You can use ssh-copy-id or the instructions below for Mac OS X. Both work to copy the local public key to the remote server.

Copy the public key on your local computer to the remote server by running the following command on your Linux machine:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@login.storrs.hpc.uconn.edu

NOTE: If you get the error message "Too many arguments" make sure to check the command. The -i flag must be used.

This command responds with the following:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed == if you are prompted now it is to install the new keys
username@login.storrs.hpc.uconn.edu's password:

Enter your password and you'll see the following:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'username@login.storrs.hpc.uconn.edu'" and check to make sure that only the key(s) you wanted were added.

Mac OS X Run the following command to copy the public key on your local computer to the remote server:

$ cat ~/.ssh/id_rsa.pub | ssh username@login.storrs.hpc.uconn.edu "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"

NOTE: This command assumes you do NOT already have an /.ssh directory under your username. This command creates the /.ssh directory for you on the remote server. If you already have an /.ssh directory on your web server, just remove the 'mkdir ~/.ssh;' section. This command responds with the following:

The authenticity of host 'login.storrs.hpc.uconn.edu (137.99.0.84)' can't be established.
RSA key fingerprint is 50:46:95:5f:27:c9:fc:f5:f5:32:d4:3a:e9:cb:4f:9f.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'login.storrs.hpc.uconn.edu,137.99.0.84' (RSA) to the list of known hosts.

username@login.storrs.hpc.uconn.edu's password:

Enter your ssh username password when prompted.

3. Confirming the SSH connection

The commands above create a new folder under your user named /.ssh with 700 permissions. In that folder is your authorized_keys file which was just copied from your home computer which has 600 permissions. If everything is configured properly, you should now be able to access your HPC account through SSH without a password. Run this command on your home computer where you just created the original keypair:

$ ssh username@login.storrs.hpc.uconn.edu

You should now be able to log in without using a password.