update ssh keys docu

pages/merlin7/02-How-To-Use-Merlin/ssh-keys.md

@@ -31,23 +31,31 @@ For creating **SSH RSA Keys**, one should:
    * Due to security reasons, ***always try protecting it with a password***. There is only one exception, when running ANSYS software, which in general should not use password to simplify the way of running the software in Slurm.
    * This will generate a private key **id_rsa**, and a public key **id_rsa.pub** in your **~/.ssh** directory.
 2. Add your public key to the **`authorized_keys`** file, and ensure proper permissions for that file, as follows:
+
    ```bash
    cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    chmod 0600 ~/.ssh/authorized_keys
    ```
+
 3. Configure the SSH client in order to force the usage of the **psi.ch** domain for trusting keys:
+
    ```bash
    echo "CanonicalizeHostname yes" >> ~/.ssh/config
    ```
+
 4. Configure further SSH options as follows:
+
    ```bash
    echo "AddKeysToAgent yes" >> ~/.ssh/config
    echo "ForwardAgent yes" >> ~/.ssh/config
    ```
+
    Other options may be added.
+
 5. Check that your SSH config file contains at least the lines mentioned in steps 3 and 4:
-   ```bash
-   (base) ❄ [caubet_m@login001:/data/user/caubet_m]# cat ~/.ssh/config
+
+   ```console
+   # cat ~/.ssh/config
    CanonicalizeHostname yes
    AddKeysToAgent yes
    ForwardAgent yes
@@ -63,10 +71,13 @@ SSH Keys to the authentication agent. Hence, no actions should not be needed by
 
 * **(Recommended)** In your local Linux (workstation, laptop or desktop) add the following line in the
   `$HOME/.ssh/config` (or alternatively in `/etc/ssh/ssh_config`) file:
-   ```
+
+  ```ssh_config
   ForwardAgent yes
   ```
+
 * Alternatively, on each SSH you can add the option `ForwardAgent=yes` in the SSH command. In example:
+
   ```bash
   ssh -XY -o ForwardAgent=yes login001.merlin7.psi.ch
   ```
@@ -76,11 +87,14 @@ to the **ssh-agent**. This must be done once per SSH session, as follows:
 
 * Run `eval $(ssh-agent -s)` to run the **ssh-agent** in that SSH session
 * Check whether the authentication agent has your key already added:
+
   ```bash
   ssh-add -l | grep "/data/user/$(whoami)/.ssh"
   ```
+
 * If no key is returned in the previous step, you have to add the private key identity to the authentication agent. 
 You will be requested for the **passphrase** of your key, and it can be done by running:
+
   ```bash
   ssh-add
   ```
@@ -93,11 +107,13 @@ starting the agent or forwarding it.
 However, for NoMachine one always need to add the private key identity to the authentication agent. This can be done as follows:
 
 1. Check whether the authentication agent has already the key added:
+
    ```bash
    ssh-add -l | grep "/data/user/$(whoami)/.ssh"
    ```
 2. If no key is returned in the previous step, you have to add the private key identity to the authentication agent. 
 You will be requested for the **passphrase** of your key, and it can be done by running:
+
    ```bash
    ssh-add
    ```
@@ -135,23 +151,32 @@ chmod u+rw-x,go+r-wx   ~/.ssh/id_rsa.pub
 Once SSH Key is created, for testing that the SSH Key is valid, one can do the following:
 
 1. Create a **new** SSH session in one of the login nodes:
+
    ```bash
    ssh login001
    ```
+
 2. In the login node session, destroy any existing Kerberos ticket or active SSH Key:
+
    ```bash
    kdestroy
    ssh-add -D
    ```
+
 3. Add the new private key identity to the authentication agent. You will be requested by the passphrase.
+
    ```bash
    ssh-add
    ```
+
 4. Check that your key is active by the SSH agent:
+
    ```bash
    ssh-add -l
    ```
+
 4. SSH to the second login node. No password should be requested:
+
    ```bash
    ssh -vvv login002
    ```