SSH Keys/fr: Difference between revisions

SSH Keys/fr (view source)

Revision as of 14:21, 19 March 2021

883 bytes removed , 3 years ago

Updating to match new version of source page

FuzzyBot

Bots

38,760

edits

@@ Line 47: / Line 47: @@
 == Installing your key ==
+=== Using CCDB ===
 To install the key, you must make the target/destination system aware of the public part of your key.
-On ComputeCanada, we have recently added a convenient new way to do this.  You should visit:
+On Compute Canada, we have recently (March 2021) added a convenient way to do this.  You should visit:
   https://ccdb.computecanada.ca/ssh_authorized_keys
@@ Line 62: / Line 65: @@
 OpenStack (cloud systems) do not read your key from CCDB as shown in the link above.
-Sometimes, you may encounter a key that is in an alternate format - for instance, as generated by some SSH clients.
+Sometimes, you may encounter a key that is in an alternate format.
-for instance, this is a public key in PEM format:
+For instance, this is a public key in PEM format:
   -----BEGIN RSA PUBLIC KEY-----
   MIIBCgKCAQEAxFm+Fbs+szeV2Vg2T5ufg8az0jD9DD/A0iNLKef2/0gPULn1ebFQ
@@ Line 73: / Line 76: @@
   -----END RSA PUBLIC KEY-----
-and this is the same key in RFC4716 format:
+Public keys in RFC4716 or PKCS8 formats will look similar to PEM, with small variations in the header and footer lines.
- ---- BEGIN SSH2 PUBLIC KEY ----
- AAAAB3NzaC1yc2EAAAADAQABAAABAQDEWb4Vuz6zN5XZWDZPm5+DxrPSMP0MP8DSI0sp5/
- b/SA9QufV5sVBK9DC2zlkZzNr23qXt9Io5vPwWIDBef6Z2ZevHHd9Ah6lZrYV4I1tOSIpN
- Ok2YRHAfS/dFHcOkl3xymDmN0lsg2WoNQ92pfFkM8jJm4dsRhSJKtvW/nOxxV2BWqEliL0
-ISPt084unWSjqztNKBjx6MaduZQv+CX791+Ew0p2EtcxdYHK5wXXnvut8DPeo+fgkxas
- blMIfsmPw2kjEWGRX1CPLjQyXzXIOoyVu4T0JRnNWEBN7wx0i9xdRB6PzKV12Y2cBeZ9MP
- BR3lwn9VIxop6roaN39cOb
- ---- END SSH2 PUBLIC KEY ----
-and finally in PKCS8
- -----BEGIN PUBLIC KEY-----
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFm+Fbs+szeV2Vg2T5uf
- g8az0jD9DD/A0iNLKef2/0gPULn1ebFQSvQwts5ZGcza9t6l7fSKObz8FiAwXn+m
- dmXrxx3fQIepWa2FeCNbTkiKTTpNmERwH0v3RR3DpJd8cpg5jdJbINlqDUPdqXxZ
- DPIyZuHbEYUiSrb1v5zscVdgVqhJYi9OOiEj7dPOLp1ko6s7TSgY8ejGnbmUL/gl
- +/dfhMNKdhLXMXWByucF1577rfAz3qPn4JMWrG5TCH7Jj8NpIxFhkV9Qjy40Ml81
- yDqMlbuE9CUZzVhATe8MdIvcXUQej8ylddmNnAXmfTDwUd5cJ/VSMaKeq6Gjd/XD
- mwIDAQAB
- -----END PUBLIC KEY-----
-This method of installing an ssh key makes the key available to all systems.  This is convenient, and is often desired.
+=== Using the authorized_keys file ===
-There may be circumstances in which you want to install a key on a specific system.  You can do this by making the key
-appear in a file in your home directory on that system.  For instance, to install a key that only works on Cedar,
+The CCDB method described above makes your public key available on all Compute Canada HPC systems.  This is convenient, and is often desired.
-you can install your public key in the .ssh/authorized_keys file on Cedar.  Since your home directory is shared by
-all nodes on a particular system, this will permit login to any of Cedar's login nodes (but not automatically to any
+However, there may be circumstances in which you want to install a key only on a specific system.  You can do this by adding the key
-of the other clusters).  On systems with OpenSSH, the "ssh-copy-id" command is a convenient way to properly install
+to a file in your home directory on that system.  For instance, to install a key that only works on Cedar,
-keys into your authorized_keys file:
+copy your public key into the file <code>~/.ssh/authorized_keys</code> on Cedar.
+This will allow you to log in to any of Cedar's login nodes using PK.
+On our systems (or any other with OpenSSH) the <code>ssh-copy-id</code> command is the most convenient way to do this:
    ssh-copy-id -i computecanada-key username@cedar.computecanada.ca
-The authorized_keys mechanism is standard, and almost universally used on the internet.  It is however somewhat fragile:
+The <code>authorized_keys</code> mechanism is standard, and almost universally used on the internet.  It is however somewhat fragile:
-specifically, SSH is quite picky about the permissions on the authorized_keys file, as well as your home directory and the .ssh subdirectory.
+Specifically, SSH is quite picky about the permissions on the <code>authorized_keys</code> file, as well as your home directory and the <code>.ssh</code> subdirectory.
-this is described further in [[Using_SSH_keys_in_Linux|using SSH keys in Linux]].
+This is described further in [[Using_SSH_keys_in_Linux|using SSH keys in Linux]].
 == Advanced Key Usage ==
@@ Line 111: / Line 98: @@
 Although it's important to secure your private key by encrypting it with the passphrase, it is inconvenient to have to enter your
 passphrase every time you use the key.  Rather than leaving the private key unencrypted, we strongly suggest using an SSH key agent.
-This allows you to type the passphrase when starting up the agent, after which the agent supplies the private key for new connections.
+You type the passphrase when starting up the agent, after which the agent supplies the private key for new connections.
-This really just avoids storing the unencrypted private key permanently on storage, where it might be stolen or copied.
+This avoids storing the unencrypted private key on permanent storage, where it is more vulnerable to being stolen or copied.
 == Advanced Key Generation ==
 ssh-keygen shown above is using defaults, which are OK, but may not be ideal.