38,760
edits
Using SSH keys in Linux/en: Difference between revisions
Jump to navigation
Jump to search
Updating to match new version of source page
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
| Line 6: | Line 6: | ||
Before creating a new key pair, check to see if you already have one. If you do, but can't remember where you've used it, it's better to create a fresh one, since you shouldn't install a key of unknown security. | Before creating a new key pair, check to see if you already have one. If you do, but can't remember where you've used it, it's better to create a fresh one, since you shouldn't install a key of unknown security. | ||
Key pairs are typically located in the <code>.ssh/</code> directory in your home directory. By default, a key is named with an "id_" prefix, followed by the key type ("rsa", "dsa", "ed25519"), and the public key also has a ".pub" suffix. So a common example is <code>id_rsa</code> and <code>id_rsa.pub</code>. | Key pairs are typically located in the <code>.ssh/</code> directory in your home directory. By default, a key is named with an "id_" prefix, followed by the key type ("rsa", "dsa", "ed25519"), and the public key also has a ".pub" suffix. So a common example is <code>id_rsa</code> and <code>id_rsa.pub</code>. A good practice is to give it a name that | ||
If you do need a new key, you can generate it with the <code>ssh-keygen</code> command: | If you do need a new key, you can generate it with the <code>ssh-keygen</code> command: | ||
<source lang="console"> | <source lang="console"> | ||
[name@ | [name@yourLaptop]$ ssh-keygen -b 4096 -t rsa | ||
</source> | </source> | ||
(this example explicitly asks for a 4-kbit RSA key, which is a reasonable choice.) | (this example explicitly asks for a 4-kbit RSA key, which is a reasonable choice.) | ||
| Line 44: | Line 44: | ||
=Installing the public part of the key= | =Installing the public part of the key= | ||
We encourage all users to leverage the new CCDB feature to install their SSH public key. Grab the content of your public key (called id_rsa.pub in | ==Installing via CCDB== | ||
We encourage all users to leverage the new CCDB feature to install their SSH public key. This will make the key available to all our clusters. | |||
Grab the content of your public key (called id_rsa.pub in the above case) and upload it to CCDB as per instructions in [[SSH_Keys#Installing_your_key| SSH Keys Installing your key]] in the section "Using CCDB", STEP 3. | |||
==Installing locally== | |||
This method below is still available, but we encourage all users to [[Using_SSH_keys_in_Linux#Installing via CCDB|install it via CCDB]]. | |||
If for some reasons you still want to upload the public key locally on a specific cluster, the steps are described below. | |||
The simplest, safest way to install a key to a remote system is using the ssh-copy-id command: | The simplest, safest way to install a key to a remote system is using the ssh-copy-id command: | ||
<source lang="console"> | <source lang="console"> | ||
ssh-copy-id -i mynewkey graham.computecanada.ca | ssh-copy-id -i ~/.ssh/mynewkey.pub graham.computecanada.ca | ||
</source> | </source> | ||
This assumes that the new keypair is named "mynewkey" and "mynewkey.pub", and that your username on the remote machine is the same as your local username. | This assumes that the new keypair is named "mynewkey" and "mynewkey.pub", and that your username on the remote machine is the same as your local username. | ||
| Line 71: | Line 76: | ||
=Connecting using a key pair= | =Connecting using a key pair= | ||
<li>Finally test the new key by sshing to the remote machine from the local machine with | <li>Finally test the new key by sshing to the remote machine from the local machine with | ||
<source lang="console">[name@ | <source lang="console">[name@yourLaptop]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS</source> | ||
where | where | ||
:*<code>/home/ubuntu/.ssh/id_rsa</code> specifies your private key file; | :*<code>/home/ubuntu/.ssh/id_rsa</code> specifies your private key file; | ||