Difference between revisions of "Using SSH Keys To Access HPG"
Line 37: | Line 37: | ||
HostName hpg.rc.ufl.edu | HostName hpg.rc.ufl.edu | ||
Port 2222 | Port 2222 | ||
+ | ControlPath ~/.ssh/cm-%r@%l-%h:%p | ||
+ | ControlMaster auto | ||
</pre> | </pre> | ||
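Review bot: The added `ControlMaster auto` line has no ControlPersist setting beside it, so the shared master connection is tied to whichever `hpg` session opened it first; either add a ControlPersist value or say this in the text. The page still describes multiplexing as optional and tells Windows users they can paste the whole block, so consider keeping `ControlPath` and `ControlMaster` in a separate optional snippet, or confirm the block works as pasted on every client the page covers.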
Revision as of 21:33, 17 October 2022
Introduction
After a new account is created on HiPerGator (HPG) you, as the account's owner, can log in using your credentials (GatorLink username and password for UF users). Typing the credentials at every login can be slow, and mistyping them several times will result in the security system blocking your IP address. For convenience and speed, it may be useful to set up an SSH key pair. If you're on Windows, you can accomplish this with PuTTY instead by following the guide at Create SSH Keys Using Putty.
An SSH key pair consists of two keys:
- A private key is stored in the ~/.ssh/ directory on the computer you are connecting from.
  - The private key acts as the identity file (the key part of the lock/key mechanism).
  - Use a good passphrase to protect the private key in case it is accessed by someone else.
  - Use an SSH agent to store it, so you only have to type the passphrase in once when starting the computer or the terminal application.
- A public key gets copied to every system you want to connect to. It can be described as a specification for the 'lock' part of the lock/key ssh mechanism: it lets the receiving computer accept connections to your account from a system that uses the private key part of the pair as its identity file.
The private key is not used automatically, although most systems are configured to use ~/.ssh/id_rsa by default. See how to configure your ssh setup to use the correct private key as the IdentityFile below.
Create SSH Keys
Note: You can also use a text editor (vi, vscode, etc.) in a terminal or a console session in Open OnDemand to edit the ~/.ssh/authorized_keys file. On macOS these steps can be done using either the built-in macOS terminal application or iTerm2.
The default key type for ssh keys is RSA. However, this is no longer recommended as it is less secure. We recommend that users use the ED25519 key type when generating new keys in HiPerGator.
- Generate a key on Linux/Mac
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "Comment to make the key recognizable among many"
- Generate key from Windows Command Line
ssh-keygen -t ed25519 -C "Comment to make the key recognizable among many"
SSH Configuration
- Add the following configuration at the top of the ~/.ssh/config file. Linux and Windows users can remove the last two lines if preferred.
Host *
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519
  IgnoreUnknown UseKeychain
  UseKeychain yes
- If you're on Mac/Linux, add the following under the previous text in config, replacing the username in the User line with your own. This is a convenient configuration for the ssh client on your local computer: in all commands below you can now use 'hpg' instead of USER@hpg.rc.ufl.edu. If you would like to use multiplexing, consider following the guide at SSH Multiplexing.
- Windows users only need to add port 2222 to the config they added at setup, but can paste it all if that was not done.
Host hpg
  User albertgator
  HostName hpg.rc.ufl.edu
  Port 2222
  ControlPath ~/.ssh/cm-%r@%l-%h:%p
  ControlMaster auto
Enable HPG Access on HPG
Configure your account on HiPerGator to accept the key instead of the username/password. If you are already logged in you can manually edit the ~/.ssh/authorized_keys file and add the new public ssh key.
- Alternatively, on Mac or Linux, you can type the following command on your local computer, replacing USER with your username.
ssh-copy-id -i ~/.ssh/id_ed25519 USER@hpg.rc.ufl.edu
- In order to enable key-based login to HPG on Windows, you will need to copy the public key content into your authorized_keys file on HPG. To do this you will need to SSH as explained in Interfaces. From the hpg terminal, type the following to edit your authorized_keys file. Note: You can also use a text editor in a terminal or a console session in Open OnDemand to edit the ~/.ssh/authorized_keys file.
nano $HOME/.ssh/authorized_keys
- There will likely already be entries for keys that were generated for your account automatically. Please select and copy the data from your locally generated public key file in the .ssh folder. Use the arrow keys to navigate to the bottom of the list in the authorized_keys file and paste the data using right click. After you have pasted the information in the file, press the CTRL and o keys at the same time, followed by Enter, to write out the file. Then press the CTRL and x keys at the same time to exit the editor.
Congratulations, your key is now authorized to log in to your account on HPG.
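The manual paste into authorized_keys described above, as an added shell example (not part of the original page or of HPG's own tooling). `authorize_key` is a hypothetical helper; it assumes the .pub file has already been copied to the system whose authorized_keys is being edited, and it refuses private key material, avoids duplicate or merged lines, and sets the permissions sshd expects.

```shell
#!/bin/sh
# Added example. Usage: authorize_key PUBKEY_FILE [AUTHORIZED_KEYS_FILE]
authorize_key() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the public half is ever copied; stop if this is a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; use the .pub file" >&2
        return 2
    fi

    # A public key is one line: key type, base64 blob, optional comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    line=$(grep . "$pub")
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "unrecognised key type" >&2; return 3 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 3 ;;
    esac

    # sshd's StrictModes (on by default) ignores keys whose directory or
    # file is writable by other users, so tighten both before appending.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: match on type and blob, so a changed comment is not new.
    if grep -qF -- "$ktype $blob" "$auth"; then
        return 0
    fi

    # A file without a final newline would merge two keys onto one line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```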