Ssh keys

From ALICE Documentation

Revision as of 17:51, 8 July 2019 by Deuler (talk | contribs)

It is possible to setup ssh using keys only.

Setup Linux ssh for key based login

We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-ge command:

 ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/testuser1/.ssh/id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/testuser1/.ssh/id_rsa.
 Your public key has been saved in /home/testuser1/.ssh/
 The key fingerprint is:
 The key's randomart image is:
 +---[RSA 2048]----+
 | .o=+o.. . ..    |
 | ++.oo. . .  .   |
 | .o.+ .+..  .    |
 |  o. oo.=o o     |
 | o o=.o=S ...    |
 |  +..=.+. . o    |
 |   .+ .  . E     |
 |.+ +. .          |
 |+o* .o           |

Setup PuTTY to use key based login

Before we can use key based login we first need to create a private/public key set. This is done by the program puttygen. Open this program:


and hit the 'Generate'key. You will have to move your mouse around as this will help randomness in the creation of the key pair. Once the keys have been created you need to save each key in its own file.


Make sure to use sensible file names for the two key files. The private key is automatically appended with the .ppk extension, while the public key does not need an extension.


Now we must make PuTTY aware of the private key. Go to SSH - AUTH and use the Browse button to select the file in whuch you have previously saved the private key (usually extenstion .ppk).


Finnaly we need to tell PuTTY to use a particular account name for accessing the public key (which we still need to upload). So go to SSH - DATA and fill in your ULCN account name in the 'Auto-login username' box.


With all these changes make sure to save the setting: go to Session and click the Save button.

We still need to copy the public key to the server. To do so user Wordpad to open your public key file and select the text part. In this case from 'AAA' to '=='. User CTRL-C to copy.


Open the login session to the server (you still have to provide your password), then go to the .ssh directory and edit the authorized_keys file using an editor (e.g. vi) and paste in the copied text from the public file. Make sure the pasted text is one line! Perpend that line with ssh-rsa (the default key type from puttygen) and save the file.


Once the authorized_key file is saved, you can login without the need to type in you password.

This procedure can be used for the second login profile (the one you use to log in onto the ALICE login node).