38,760
edits
Using SSH keys in Linux/en: Difference between revisions
Jump to navigation
Jump to search
Updating to match new version of source page
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
| Line 3: | Line 3: | ||
''Parent page: [[SSH]]'' | ''Parent page: [[SSH]]'' | ||
=Creating a key pair= | =Creating a key pair= | ||
Before creating a new key pair, check to see if you already have one. If you do, but can't remember where you've used it, it's better to create a fresh one, since you shouldn't install a key of unknown security. | Before creating a new key pair, check to see if you already have one. If you do, but can't remember where you've used it, it's better to create a fresh one, since you shouldn't install a key of unknown security. | ||
| Line 86: | Line 86: | ||
=Installing the public part of the key= | =Installing the public part of the key= | ||
==Installing via CCDB== | ==Installing via CCDB== | ||
We encourage all users to leverage the new CCDB feature to install their SSH public key. This will make the key available to all our clusters. | We encourage all users to leverage the new CCDB feature to install their SSH public key. This will make the key available to all our clusters. | ||
Grab the content of your public key (called ''id_rsa.pub'' in the above case) and upload it to CCDB as per step 3 of [[SSH_Keys#Using_CCDB|these instructions]]. | Grab the content of your public key (called ''id_rsa.pub'' in the above case) and upload it to CCDB as per step 3 of [[SSH_Keys#Using_CCDB|these instructions]]. | ||
| Line 111: | Line 111: | ||
Note that debugging the remote conditions may not be obvious without the help of the remote machine's system administrators. | Note that debugging the remote conditions may not be obvious without the help of the remote machine's system administrators. | ||
=Connecting using a key pair= | =Connecting using a key pair= | ||
<li>Finally, test the new key by sshing to the remote machine from the local machine with | <li>Finally, test the new key by sshing to the remote machine from the local machine with | ||
<source lang="console">[name@yourLaptop]$ ssh -i /path/to/your/privatekey USERNAME@ADDRESS</source> | <source lang="console">[name@yourLaptop]$ ssh -i /path/to/your/privatekey USERNAME@ADDRESS</source> | ||
| Line 123: | Line 123: | ||
</ol> | </ol> | ||
=Using ssh-agent= | =Using ssh-agent= | ||
Having successfully created a key pair and installed the public key on a cluster, you can now log in using the key pair. While this is a better solution than using a password to connect to our clusters, it still requires you to type in a passphrase, needed to unlock your private key, every time that you want to log in to a cluster. There is however the <code>ssh-agent</code> program, which stores your private key in memory on your local computer and provides it whenever another program on this computer needs it for authentification. This means that you only need to unlock the private key once, after which you can log in to a remote cluster many times without having to type in the passphrase again. | Having successfully created a key pair and installed the public key on a cluster, you can now log in using the key pair. While this is a better solution than using a password to connect to our clusters, it still requires you to type in a passphrase, needed to unlock your private key, every time that you want to log in to a cluster. There is however the <code>ssh-agent</code> program, which stores your private key in memory on your local computer and provides it whenever another program on this computer needs it for authentification. This means that you only need to unlock the private key once, after which you can log in to a remote cluster many times without having to type in the passphrase again. | ||
| Line 143: | Line 143: | ||
}} | }} | ||
Note that you should never use the line <code>Host *</code> for agent forwarding in your SSH configuration file. | Note that you should never use the line <code>Host *</code> for agent forwarding in your SSH configuration file. | ||
Note that many contemporary Linux distributions as well as macOS now offer graphical "keychain managers" that can easily be configured to also manage your SSH key pair, so that logging in on your local computer is enough to store the private key in memory and have the operating system automatically provide it to the SSH client during login on a remote cluster. You will | Note that many contemporary Linux distributions as well as macOS now offer graphical "keychain managers" that can easily be configured to also manage your SSH key pair, so that logging in on your local computer is enough to store the private key in memory and have the operating system automatically provide it to the SSH client during login on a remote cluster. You will | ||
then be able to log in to our clusters without ever typing in any kind of passphrase. | then be able to log in to our clusters without ever typing in any kind of passphrase. | ||
[[Category:Connecting]] | [[Category:Connecting]] | ||