initial formatting changes complete
@@ -1,13 +1,4 @@
|
||||
---
|
||||
title: Configuring SSH Keys in Merlin
|
||||
|
||||
#tags:
|
||||
keywords: linux, connecting, client, configuration, SSH, Keys, SSH-Keys, RSA, authorization, authentication
|
||||
last_updated: 15 Jul 2020
|
||||
summary: "This document describes how to deploy SSH Keys in Merlin."
|
||||
sidebar: merlin6_sidebar
|
||||
permalink: /merlin6/ssh-keys.html
|
||||
---
|
||||
# Configuring SSH Keys in Merlin
|
||||
|
||||
Merlin users sometimes will need to access the different Merlin services without being constantly requested by a password.
|
||||
One can achieve that with Kerberos authentication, however in some cases some software would require the setup of SSH Keys.
|
||||
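Review bot: Dropping `permalink: /merlin6/ssh-keys.html` together with the rest of the front matter at the top of this hunk can break existing links to this page unless the new site layout serves the same URL or a redirect is added. The hunk header shows 13 old lines shrinking to 4, so `last_updated: 15 Jul 2020`, `summary` and `keywords` appear to go as well. If the new toolchain has an equivalent metadata block, please carry at least the title and last-updated date over rather than keeping only the `# Configuring SSH Keys in Merlin` heading.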
@@ -22,14 +13,15 @@ User can check whether a SSH key already exists. These would be placed in the **
|
||||
is usually the default one, and files in there would be **`id_rsa`** (private key) and **`id_rsa.pub`** (public key).
|
||||
|
||||
```bash
|
||||
ls ~/.ssh/id*
|
||||
ls ~/.ssh/id*
|
||||
```
|
||||
|
||||
For creating **SSH RSA Keys**, one should:
|
||||
|
||||
1. Run `ssh-keygen`, a password will be requested twice. You **must remember** this password for the future.
|
||||
* Due to security reasons, ***always try protecting it with a password***. There is only one exception, when running ANSYS software, which in general should not use password to simplify the way of running the software in Slurm.
|
||||
* This will generate a private key **id_rsa**, and a public key **id_rsa.pub** in your **~/.ssh** directory.
|
||||
* Due to security reasons, ***always try protecting it with a password***. There is only one exception, when running ANSYS software, which in general should not use password to simplify the way of running the software in Slurm.
|
||||
* This will generate a private key **id_rsa**, and a public key **id_rsa.pub** in your **~/.ssh** directory.
|
||||
|
||||
2. Add your public key to the **`authorized_keys`** file, and ensure proper permissions for that file, as follows:
|
||||
```bash
|
||||
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
|
||||
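Review bot: Step 1 still says "a password will be requested twice" and "You **must remember** this password", while the later sections of the same page call it the **passphrase** of the key. Since these lines and their sub-bullets are being re-indented anyway, please use "passphrase" consistently, because a reader can otherwise take it to mean the account password. The ANSYS exception in the first sub-bullet is the only place where an unprotected key is allowed, so it would also help to say there that the exception applies to a key used for ANSYS only, if that is the intent.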
@@ -57,16 +49,16 @@ For creating **SSH RSA Keys**, one should:
|
||||
|
||||
### Using Authentication Agent in SSH session
|
||||
|
||||
By default, when accessing the login node via SSH (with `ForwardAgent=yes`), it will automatically add your
|
||||
By default, when accessing the login node via SSH (with `ForwardAgent=yes`), it will automatically add your
|
||||
SSH Keys to the authentication agent. Hence, no actions should not be needed by the user. One can configure
|
||||
`ForwardAgent=yes` as follows:
|
||||
|
||||
* **(Recommended)** In your local Linux (workstation, laptop or desktop) add the following line in the
|
||||
`$HOME/.ssh/config` (or alternatively in `/etc/ssh/ssh_config`) file:
|
||||
* **(Recommended)** In your local Linux (workstation, laptop or desktop) add the following line in the
|
||||
`$HOME/.ssh/config` (or alternatively in `/etc/ssh/ssh_config`) file:
|
||||
```
|
||||
ForwardAgent yes
|
||||
```
|
||||
* Alternatively, on each SSH you can add the option `ForwardAgent=yes` in the SSH command. In example:
|
||||
* Alternatively, on each SSH you can add the option `ForwardAgent=yes` in the SSH command. In example:
|
||||
```bash
|
||||
ssh -XY -o ForwardAgent=yes merlin-l-001.psi.ch
|
||||
```
|
||||
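Review bot: The recommended option tells users to add a bare `ForwardAgent yes` line to `$HOME/.ssh/config` (or `/etc/ssh/ssh_config`), which turns agent forwarding on for every host the user connects to, not only Merlin. Please show it inside a `Host` block for the Merlin login nodes (the example below uses `merlin-l-001.psi.ch`) so the forwarded agent is exposed only where it is needed. Separately, the context line "no actions should not be needed by the user" is a double negative and should read "no action should be needed".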
@@ -74,12 +66,12 @@ SSH Keys to the authentication agent. Hence, no actions should not be needed by
|
||||
If `ForwardAgent` is not enabled as shown above, one needs to run the authentication agent and then add your key
|
||||
to the **ssh-agent**. This must be done once per SSH session, as follows:
|
||||
|
||||
* Run `eval $(ssh-agent -s)` to run the **ssh-agent** in that SSH session
|
||||
* Check whether the authentication agent has your key already added:
|
||||
* Run `eval $(ssh-agent -s)` to run the **ssh-agent** in that SSH session
|
||||
* Check whether the authentication agent has your key already added:
|
||||
```bash
|
||||
ssh-add -l | grep "/psi/home/$(whoami)/.ssh"
|
||||
```
|
||||
* If no key is returned in the previous step, you have to add the private key identity to the authentication agent.
|
||||
* If no key is returned in the previous step, you have to add the private key identity to the authentication agent.
|
||||
You will be requested for the **passphrase** of your key, and it can be done by running:
|
||||
```bash
|
||||
ssh-add
|
||||
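Review bot: The check `ssh-add -l | grep "/psi/home/$(whoami)/.ssh"` only matches when the agent lists the key with its file path as the comment. A key whose comment is anything else is reported as missing even though it is loaded, and the user is then sent to `ssh-add` for no reason. Consider comparing against the fingerprint from `ssh-keygen -lf ~/.ssh/id_rsa.pub` instead, or relying on the exit status of `ssh-add -l`. These three bullets are also sequential steps, so a numbered list (as the NoMachine section further down uses) would read better than `*` items.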
@@ -96,7 +88,7 @@ However, for NoMachine one always need to add the private key identity to the au
|
||||
```bash
|
||||
ssh-add -l | grep "/psi/home/$(whoami)/.ssh"
|
||||
```
|
||||
2. If no key is returned in the previous step, you have to add the private key identity to the authentication agent.
|
||||
2. If no key is returned in the previous step, you have to add the private key identity to the authentication agent.
|
||||
You will be requested for the **passphrase** of your key, and it can be done by running:
|
||||
```bash
|
||||
ssh-add
|
||||
|
||||
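Review bot: Step 2 and the `ssh-add -l | grep "/psi/home/$(whoami)/.ssh"` check in this hunk repeat the agent section above word for word, so any later fix to one copy has to be made in both. Please have the NoMachine section link back to the "Using Authentication Agent in SSH session" steps and keep only what is specific to NoMachine here. The section's lead sentence, visible in the hunk header, also has a grammar slip: "one always need" should be "one always needs".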