38,760
edits
Using SSH keys in Linux/en: Difference between revisions
Jump to navigation
Jump to search
Updating to match new version of source page
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
| Line 98: | Line 98: | ||
Grab the content of your public key (called ''id_rsa.pub'' in the above case) and upload it to CCDB as per step 3 of [[SSH_Keys#Using_CCDB|these instructions]]. | Grab the content of your public key (called ''id_rsa.pub'' in the above case) and upload it to CCDB as per step 3 of [[SSH_Keys#Using_CCDB|these instructions]]. | ||
<!--T:23--> | <!--T:23--> | ||
The simplest, safest way to install a key to a remote system is by using the < | The simplest, safest way to install a key to a remote system is by using the <code>ssh-copy-id</code> command: | ||
<source lang="console"> | <source lang="console"> | ||
ssh-copy-id -i ~/.ssh/mynewkey.pub graham.computecanada.ca | ssh-copy-id -i ~/.ssh/mynewkey.pub graham.computecanada.ca | ||
| Line 111: | Line 106: | ||
<!--T:17--> | <!--T:17--> | ||
If necessary, you can do this "manually" - in fact, < | If necessary, you can do this "manually" - in fact, <code>ssh-copy-id</code> isn't doing anything very magical. It's simply connecting to the remote machine, and placing the public key into <code>.ssh/authorized_keys</code> in your /home directory there. The main benefit from using <code>ssh-copy-id</code> is that it will create files and directories if necessary, and will ensure that the permissions on them are correct. You can do it entirely yourself by copying the public key file to the remote server, then: | ||
<source lang="bash"> | <source lang="bash"> | ||
mkdir ~/.ssh | mkdir ~/.ssh | ||
| Line 140: | Line 135: | ||
=Using ssh-agent= <!--T:18--> | =Using ssh-agent= <!--T:18--> | ||
Having successfully created a key pair and installed the public key on a cluster, you can now log in using the key pair. While this is a better solution than using a password to connect to our clusters, it still requires you to type in a passphrase, needed to unlock your private key, every time that you want to log in to a cluster. There is however the < | Having successfully created a key pair and installed the public key on a cluster, you can now log in using the key pair. While this is a better solution than using a password to connect to our clusters, it still requires you to type in a passphrase, needed to unlock your private key, every time that you want to log in to a cluster. There is however the <code>ssh-agent</code> program, which stores your private key in memory on your local computer and provides it whenever another program on this computer needs it for authentification. This means that you only need to unlock the private key once, after which you can log in to a remote cluster many times without having to type in the passphrase again. | ||
<!--T:19--> | <!--T:19--> | ||
You can start the < | You can start the <code>ssh-agent</code> program using the command | ||
{{Command|eval `ssh-agent` | {{Command|eval `ssh-agent` | ||
}} | }} | ||
After you have started the < | After you have started the <code>ssh-agent</code>, which will run in the background while you are logged in at your local computer, you can add your key pair to those managed by the agent using the command | ||
{{Command|ssh-add | {{Command|ssh-add | ||
}} | }} | ||
Assuming you installed your key pair in one of the standard locations, the < | Assuming you installed your key pair in one of the standard locations, the <code>ssh-add</code> command should be able to find it, though if necessary you can explicitly add the full path to the private key as an argument to <code>ssh-add</code>. Using the <code>ssh-add -l</code> option will show which private keys currently accessible to the <code>ssh-agent</code>. | ||
<!--T:21--> | <!--T:21--> | ||
While using < | While using <code>ssh-agent</code> will allow automatically negotiate the key exchange between your personal computer and the cluster, if you need to use your private key on the cluster itself, for example when interacting with a remote GitHub repository, you will need to enable ''agent forwarding''. To enable this on the [[Béluga/en|Béluga]] cluster, you can add the following lines to your <code>$HOME/.ssh/config</code> file on your personal computer, | ||
{{File | {{File | ||
|name=config | |name=config | ||
| Line 160: | Line 155: | ||
ForwardAgent yes | ForwardAgent yes | ||
}} | }} | ||
Note that you should never use the line < | Note that you should never use the line <code>Host *</code> for agent forwarding in your SSH configuration file. | ||
==Installing locally== <!--T:16--> | |||
The method below is still available, but we encourage all users to [[Using_SSH_keys_in_Linux#Installing via CCDB|install keys via CCDB]]. | |||
If for some reasons you still want to upload the public key locally on a specific cluster, the steps are described below. | |||
<!--T:20--> | <!--T:20--> | ||