Difference between revisions of "Using SSH Keys To Access HPG"

From UFRC
Line 12: Line 12:
 
=Windows=
 
=Windows=
 
See the following document that describes how to [[Create SSH keys on Windows]].
 
See the following document that describes how to [[Create SSH keys on Windows]].
 
=SSH Configuration=
 
A convenient configuration for your ssh '''client''' on your local computer. The <code>ControlPath</code> and following lines setup persistent connections so that you do not need to redo the MFA verification with every connection. Replace you username in the <code>User</code> line.
 
<pre>
 
Host hpg
 
    User albertgator
 
    HostName hpg.rc.ufl.edu
 
    Port 2222
 
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
 
    ControlMaster auto
 
    ControlPersist 8h
 
</pre>
 
In all commands below you can now use 'hpg' instead of USER@hpg.rc.ufl.edu
 
  
 
=Create SSH Keys=
 
=Create SSH Keys=
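Review bot: Removing the paragraph above the Host hpg block drops the sentence "The ControlPath and following lines setup persistent connections so that you do not need to redo the MFA verification with every connection", and the relocated version of this block later in the change does not carry it over. That sentence is the only place the page says why ControlPath, ControlMaster and ControlPersist 8h are configured, so move it along with the block instead of deleting it.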
Line 30: Line 17:
  
 
'''The default cipher for ssh keys is RSA. However, this no longer recommended as it is less secure. We recommend users to use a ED25519 cipher when generating new keys in HiPerGator.'''
 
'''The default cipher for ssh keys is RSA. However, this no longer recommended as it is less secure. We recommend users to use a ED25519 cipher when generating new keys in HiPerGator.'''
* Generate a key
+
* Generate a key on Linux/Mac
 
  ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "Comment to make the key recognizable among many"
 
  ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "Comment to make the key recognizable among many"
 +
*Generate key from Windows Command Line
 +
ssh-keygen -t ed25519 -C "Comment to make the key recognizable among many"
  
* Add the following configuration at the top of the ~/.ssh/config file
+
=SSH Configuration=
 +
* Add the following configuration at the top of the ~/.ssh/config file. Linux and Windows users can remove the last two lines if preferred.
 
<pre>
 
<pre>
 
Host *
 
Host *
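Review bot: The new Windows command, ssh-keygen -t ed25519 -C "...", omits the -o -a 100 and -f ~/.ssh/id_ed25519 arguments that the Linux/Mac line keeps, and the text does not say why. Either give both platforms the same options or state that the Windows command relies on the default output path and default KDF rounds, so readers know the resulting file is the same ~/.ssh/id_ed25519 that the ssh-copy-id step later on the page expects. In the reworded config bullet, "the last two lines" would also be clearer if it named the two UseKeychain lines.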
Line 40: Line 30:
 
   IgnoreUnknown UseKeychain
 
   IgnoreUnknown UseKeychain
 
   UseKeychain yes
 
   UseKeychain yes
 +
</pre>
 +
* If you're on Mac/ Linux, add the following under the previous text in config, but replace your username in the <code>User</code> line. Windows users should have this from initial setup. A convenient configuration for your ssh '''client''' on your local computer. In all commands below you can now use 'hpg' instead of USER@hpg.rc.ufl.edu
 +
<pre>
 +
Host hpg
 +
    User albertgator
 +
    HostName hpg.rc.ufl.edu
 +
    Port 2222
 +
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
 +
    ControlMaster auto
 +
    ControlPersist 8h
 
</pre>
 
</pre>
  
 +
=Enable HPG Access on HPG=
 
* Configure your account on HiPerGator to accept the key instead of the username/password. If you are already logged in you can manually edit the ~/.ssh/authorized_keys file and add the new '''public''' ssh key as a single new line or run the following command, if available, on the local computer you generated your key pair on:
 
* Configure your account on HiPerGator to accept the key instead of the username/password. If you are already logged in you can manually edit the ~/.ssh/authorized_keys file and add the new '''public''' ssh key as a single new line or run the following command, if available, on the local computer you generated your key pair on:
  
 
(substitute your real username for 'USER')
 
(substitute your real username for 'USER')
 
  ssh-copy-id -i ~/.ssh/id_ed25519 USER@hpg.rc.ufl.edu
 
  ssh-copy-id -i ~/.ssh/id_ed25519 USER@hpg.rc.ufl.edu
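Review bot: The added Host hpg bullet ends with "In all commands below you can now use 'hpg' instead of USER@hpg.rc.ufl.edu", but the only command below it, ssh-copy-id -i ~/.ssh/id_ed25519 USER@hpg.rc.ufl.edu, still uses the full host name. A Host hpg entry does not match hpg.rc.ufl.edu, so that command picks up neither Port 2222 nor the ControlMaster settings; either change the example to use the hpg alias or say which port the key installation step is meant to use. The new heading "Enable HPG Access on HPG" also reads like a typo for enabling key access, and the sentence fragment "A convenient configuration for your ssh client on your local computer." in the same bullet needs a verb.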

Revision as of 14:18, 17 October 2022

Introduction

After a new account is created on HiPerGator (HPG) you, as the account's owner, can log in using your credentials (GatorLink username and password for UF users). Mistyping the credentials several times will result in a security system block of the user's IP address and can be slow. For convenience and speed, it may be useful to set up an SSH key pair to use.

An SSH key pair consists of two keys:

  1. A private key is stored in the ~/.ssh/ directory on the computer you are connecting from.
    1. The private key acts as the identity file (the 'key' part of the lock/key mechanism).
    2. Use a good passphrase to protect the private key in case it is accessed by someone else.
    3. Use an SSH agent to store it, so you only have to type the passphrase in once when starting the computer or the terminal application.
  2. A public key gets copied to every system you want to connect to. It can be described as the specification for the 'lock' part of the lock/key ssh mechanism: it lets the receiving computer accept connections to your account from a system that uses the private key of the pair as its identity file.

The private key is not used automatically, although most systems are configured to use ~/.ssh/id_rsa by default. See how to configure your ssh setup to use the correct private key as the IdentityFile below.

Windows

See the following document that describes how to Create SSH keys on Windows.

Create SSH Keys

Note: You can also use a text editor (vi, vscode, etc) in a terminal or a console session in Open OnDemand to edit ~/.ssh/authorized_keys file. On MacOS these steps can be done using either the built-in MacOS terminal application or iTerm2.

The default key type for ssh keys is RSA. However, this is no longer recommended as it is less secure. We recommend that users use the ED25519 key type when generating new keys in HiPerGator.

  • Generate a key on Linux/Mac
      ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "Comment to make the key recognizable among many"
  • Generate a key from the Windows command line
      ssh-keygen -t ed25519 -C "Comment to make the key recognizable among many"

SSH Configuration

  • Add the following configuration at the top of the ~/.ssh/config file. Linux and Windows users can remove the last two lines if preferred.
      Host *
        AddKeysToAgent yes
        IdentityFile ~/.ssh/id_ed25519
        IgnoreUnknown UseKeychain
        UseKeychain yes
  • If you're on Mac/Linux, add the following below the previous block in the config file, replacing the username in the User line with your own. Windows users should already have this from initial setup. This is a convenient configuration for the ssh client on your local computer: in all commands below you can now use 'hpg' instead of USER@hpg.rc.ufl.edu.
      Host hpg
          User albertgator
          HostName hpg.rc.ufl.edu
          Port 2222
          ControlPath ~/.ssh/cm-%r@%l-%h:%p
          ControlMaster auto
          ControlPersist 8h

Enable HPG Access on HPG

  • Configure your account on HiPerGator to accept the key instead of the username/password. If you are already logged in you can manually edit the ~/.ssh/authorized_keys file and add the new public ssh key as a single new line or run the following command, if available, on the local computer you generated your key pair on:

(substitute your real username for 'USER')

ssh-copy-id -i ~/.ssh/id_ed25519 USER@hpg.rc.ufl.edu
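
For the manual route described above (adding the public key to ~/.ssh/authorized_keys as a single new line), here is an added example that is not part of the original page or UFRC's tooling. The function name add_pubkey, its optional directory argument and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not UFRC's script): install a public key into authorized_keys
# by hand, with the checks ssh-copy-id would otherwise do for you.

# Constructed sample key line, not a real key.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealOne000000000000 albertgator@laptop'

# add_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# Returns 0 if the key is installed (or already was), 1 if the input is rejected.
add_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never paste the private half: private key files carry a PEM-style header.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 1
    fi

    # A .pub file is exactly one line: "type base64-blob [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    case $line in
        "ssh-ed25519 AAAA"*) ;;
        "ssh-rsa AAAA"*) echo "note: RSA key; ed25519 is recommended" >&2 ;;
        *) echo "unrecognized public key format" >&2; return 1 ;;
    esac

    # sshd (StrictModes, on by default) ignores keys in group/world-writable paths.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Match on the base64 blob so a different comment does not create a duplicate.
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"; return 0
    fi

    # Keep one key per line even if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$line" >> "$auth"
    echo "added key to $auth"
}
```

Run it on HiPerGator after copying the .pub file there, for example `add_pubkey ~/id_ed25519.pub`; the private key file never leaves the computer it was generated on.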