Updated documentation: ssh-agent and troubleshooting
@ -42,11 +42,42 @@ For creating **SSH RSA Keys**, one should:
|
|||||||
|
|
||||||
## Using the SSH Keys
|
## Using the SSH Keys
|
||||||
|
|
||||||
By default, when login in the login node through SSH, it will automatically add your SSH Keys to the authentication agent.
|
### Using Authentication Agent in SSH session
|
||||||
Hence, no actions are needed by the user.
|
|
||||||
|
|
||||||
However, there are some cases where it might not automatically work. For example, for NoMachine one always need to add
|
By default, when accessing the login node via SSH (with `ForwardAgent=yes`), it will automatically add your
|
||||||
the private key identity to the authentication agent. This can be done as follows:
|
SSH Keys to the authentication agent. Hence, no actions should not be needed by the user. One can configure
|
||||||
|
`ForwardAgent=yes` as follows:
|
||||||
|
|
||||||
|
* **(Recommended)** In your local Linux (workstation, laptop or desktop) add the following line in the
|
||||||
|
`$HOME/.ssh/config` (or alternatively in `/etc/ssh/ssh_config`) file:
|
||||||
|
```
|
||||||
|
ForwardAgent yes
|
||||||
|
```
|
||||||
|
* Alternatively, on each SSH you can add the option `ForwardAgent=yes` in the SSH command. In example:
|
||||||
|
```bash
|
||||||
|
ssh -XY -o ForwardAgent=yes merlin-l-001.psi.ch
|
||||||
|
```
|
||||||
|
|
||||||
|
If `ForwardAgent` is not enabled as shown above, one needs to run the authentication agent and then add your key
|
||||||
|
to the **ssh-agent**. This must be done once per SSH session, as follows:
|
||||||
|
|
||||||
|
* Run `eval $(ssh-agent -s)` to run the **ssh-agent** in that SSH session
|
||||||
|
* Check whether the authentication agent has your key already added:
|
||||||
|
```bash
|
||||||
|
ssh-add -l | grep "/psi/home/$(whoami)/.ssh"
|
||||||
|
```
|
||||||
|
* If no key is returned in the previous step, you have to add the private key identity to the authentication agent.
|
||||||
|
You will be requested for the **passphrase** of your key, and it can be done by running:
|
||||||
|
```bash
|
||||||
|
ssh-add
|
||||||
|
```
|
||||||
|
|
||||||
|
### Using Authentication Agent in NoMachine Session
|
||||||
|
|
||||||
|
By default, when using a NoMachine session, the `ssh-agent` should be automatically started. Hence, there is no need of
|
||||||
|
starting the agent or forwarding it.
|
||||||
|
|
||||||
|
However, for NoMachine one always need to add the private key identity to the authentication agent. This can be done as follows:
|
||||||
|
|
||||||
1. Check whether the authentication agent has already the key added:
|
1. Check whether the authentication agent has already the key added:
|
||||||
```bash
|
```bash
|
||||||
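Review bot: The recommended bullet puts a bare `ForwardAgent yes` line in `$HOME/.ssh/config` (or `/etc/ssh/ssh_config`), which enables agent forwarding for every host the user connects to, not only the login node. A forwarded agent can be used by anyone able to bypass file permissions on the remote host for as long as the session lasts, so the setting should be scoped, for example `Host merlin-l-001.psi.ch` followed by an indented `ForwardAgent yes` (or a pattern covering the login nodes). In the same paragraph, "no actions should not be needed" is a double negative and "In example:" should read "For example:". The new text also says that logging in with `ForwardAgent=yes` "will automatically add your SSH Keys to the authentication agent"; forwarding only makes keys already loaded in the local agent usable from the login node, so the text should say that the key has to be added to the local agent first.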
@ -58,8 +89,33 @@ You will be requested for the **passphrase** of your key, and it can be done by
|
|||||||
ssh-add
|
ssh-add
|
||||||
```
|
```
|
||||||
|
|
||||||
When running `ssh-add` is needed (i.e. NoMachine session, or miss-behaving SSH access), you need to run it only once per new session.
|
You just need to run it once per NoMachine session, and it would apply to all terminal windows within that NoMachine session.
|
||||||
It is, for NoMachine, you just need to run it once, and it would apply to all terminal windows within that NoMachine session.
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
### Errors when running 'ssh-add'
|
||||||
|
|
||||||
|
If the error `Could not open a connection to your authentication agent.` appears when running `ssh-add`, it means
|
||||||
|
that the authentication agent is not running. Please follow the previous procedures for starting it.
|
||||||
|
|
||||||
|
### Adding/Updationg SSH RSA Key password
|
||||||
|
|
||||||
|
If an existing SSH Key does not have password, or you want to update an existing password with a new one, you can do it as follows:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ssh-keygen -p -f ~/.ssh/id_rsa
|
||||||
|
```
|
||||||
|
|
||||||
|
### SSH Keys deployed but not working
|
||||||
|
|
||||||
|
Please ensure proper permissions of the involved files, as well as any typos in the file names involved:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
chmod u+rwx,go-rwx,g+s ~/.ssh
|
||||||
|
chmod u+rw-x,go-rwx ~/.ssh/authorized_keys
|
||||||
|
chmod u+rw-x,go-rwx ~/.ssh/id_rsa
|
||||||
|
chmod u+rw-x,go+r-wx ~/.ssh/id_rsa.pub
|
||||||
|
```
|
||||||
|
|
||||||
### Testing SSH Keys
|
### Testing SSH Keys
|
||||||
|
|
||||||
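Review bot: In the new "SSH Keys deployed but not working" block, `chmod u+rwx,go-rwx,g+s ~/.ssh` sets the setgid bit on `~/.ssh` without any explanation. Key authentication does not require it, so either drop `g+s` or add a sentence stating why this site wants it. The heading "Adding/Updationg SSH RSA Key password" has a typo ("Updating"), and "miss-behaving SSH access" should be "misbehaving". The `ssh-add` error entry tells the reader to "follow the previous procedures"; naming the section ("Using Authentication Agent in SSH session") would make that actionable.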
@ -88,24 +144,3 @@ Once SSH Key is created, for testing that the SSH Key is valid, one can do the f
|
|||||||
```
|
```
|
||||||
|
|
||||||
If the last step succeeds, then means that your SSH Key is properly setup.
|
If the last step succeeds, then means that your SSH Key is properly setup.
|
||||||
|
|
||||||
## Troubleshooting
|
|
||||||
|
|
||||||
### Add/Update SSH RSA Key password
|
|
||||||
|
|
||||||
If an existing SSH Key does not have password, or you want to update an existing password with a new one, you can do it as follows:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
ssh-keygen -p -f ~/.ssh/id_rsa
|
|
||||||
```
|
|
||||||
|
|
||||||
### SSH Keys deployed but not working
|
|
||||||
|
|
||||||
Please ensure proper permissions of the involved files, as well as any typos in the file names involved:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
chmod u+rwx,go-rwx,g+s ~/.ssh
|
|
||||||
chmod u+rw-x,go-rwx ~/.ssh/authorized_keys
|
|
||||||
chmod u+rw-x,go-rwx ~/.ssh/id_rsa
|
|
||||||
chmod u+rw-x,go+r-wx ~/.ssh/id_rsa.pub
|
|
||||||
```
|
|
||||||
|
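Review bot: With `## Troubleshooting` removed from the end of the file here and re-added above `### Testing SSH Keys`, that level-3 heading now renders as a subsection of `## Troubleshooting`. Either keep Troubleshooting as the last section, as it was, or move "Testing SSH Keys" above it so the test is not filed under the fixes. While this part of the file is being touched, the context line "If the last step succeeds, then means that your SSH Key is properly setup." could be corrected to "it means that your SSH Key is properly set up."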