Bureaucrats, cc_docs_admin, cc_staff
2,879
edits
SSH Keys: Difference between revisions
Jump to navigation
Jump to search
Marked this version for translation
No edit summary |
(Marked this version for translation) |
||
| Line 49: | Line 49: | ||
== Installing your key == <!--T:17--> | == Installing your key == <!--T:17--> | ||
=== Using CCDB === | === Using CCDB === <!--T:31--> | ||
<!--T:32--> | |||
To install the key, you must make the target/destination system aware of the public part of your key. | To install the key, you must make the target/destination system aware of the public part of your key. | ||
On Compute Canada, we have recently (March 2021) added a convenient way to do this. You should visit: | On Compute Canada, we have recently (March 2021) added a convenient way to do this. You should visit: | ||
| Line 82: | Line 83: | ||
-----END RSA PUBLIC KEY----- | -----END RSA PUBLIC KEY----- | ||
Public keys in RFC4716 or PKCS8 formats will look similar to PEM, with small variations in the header and footer lines. | Public keys in RFC4716 or PKCS8 formats will look similar to PEM, with small variations in the header and footer lines. | ||
=== Using the authorized_keys file === | === Using the authorized_keys file === <!--T:23--> | ||
<!--T:33--> | |||
The CCDB method described above makes your public key available on all Compute Canada HPC systems. This is convenient, and is often desired. | The CCDB method described above makes your public key available on all Compute Canada HPC systems. This is convenient, and is often desired. | ||
<!--T:34--> | |||
However, there may be circumstances in which you want to install a key only on a specific system. You can do this by adding the key | However, there may be circumstances in which you want to install a key only on a specific system. You can do this by adding the key | ||
to a file in your home directory on that system. For instance, to install a key that only works on Cedar, | to a file in your home directory on that system. For instance, to install a key that only works on Cedar, | ||
| Line 109: | Line 111: | ||
This avoids storing the unencrypted private key on permanent storage, where it is more vulnerable to being stolen or copied. | This avoids storing the unencrypted private key on permanent storage, where it is more vulnerable to being stolen or copied. | ||
== Advanced Key Generation == | == Advanced Key Generation == <!--T:35--> | ||
ssh-keygen shown above is using defaults, which are OK, but may not be ideal. | ssh-keygen shown above is using defaults, which are OK, but may not be ideal. | ||
for instance: | for instance: | ||