Create a ssh key
Access to the INCD computing clusters is performed via SSH and requires the use of SSH keys for authentication. Authentication with passwords is not supported. Each SSH key pair has two components a public key that must be added to the hosts to be remotely accessed, and a private key that must remain in the user workstation or laptop machine. The private key must be protected with a password. The users must generate their own SSH key pair in a machine of their own (workstation, laptop, etc). To generate an SSH key pair follow these instructions.
Linux
- Users must generate the SSH key pair in a computer of their own (desktop, notebook etc).
- The passphrase is used to protect the private key, very IMPORTANT please choose a strong password with uppercase and lowercase characters, numbers and symbols.
$ ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase): ----> IMPORTANT: Choose a strong password
Enter same passphrase again: ----> IMPORTANT: Choose a strong password
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
- ssh-keygen will create a pair of keys, private (id_rsa) and public (id_rsa.pub), these files are created in the user home directory usually under $HOME/.ssh
- The file and directory protections of $HOME/.ssh should be as follows:
ls -la $HOME/.ssh/
total 8
drwx------ 3 username group 4096 Jan 11 18:12 .
-rw------- 1 username group 1743 Feb 19 10:52 id_rsa
-rw-r--r-- 1 username group 404 Feb 19 10:52 id_rsa.pub
- Users must send to the INCD administrators only the public key id_rsa.pub
- The private key must must be kept private and must NEVER be shared with other persons.
Microsoft Windows
- For users accessing the INCD public machines we recommend the use of terminal emulators in Windows like MobaXterm.
- MobaXterm works both as a terminal and X windows server, this allows to display in your desktop graphical X11 windows from the remote Linux host.
- MobaXterm documentation is available here
- Key pairs can be generated with
ssh-keygen -b 4096 -t rsa
- You can also create and manage your SSH keys using the embedded MobaKeyGen application (available in the "Tools" menu).
- Windows users can also generate ssh-keys using Putty
- Users must send to the INCD administrators only the public key id_rsa.pub
- The private key must must be kept private and must NEVER be shared with other persons.
General remarks
- You can only login from the machine and account where the SSH key pair is (the machine where you generate it).
- The SSH authentication credentials can be forwarded automatically across machines see Configuring SSH, but you need to start from the machine and user account where your private key is stored.
- If the INCD helpdesk confirms that your public key was installed and still you cannot login please check the permissions of the SSH directory and files listed below and see if they match the protections listed in the Linux section above. Also check that the files ownership match the correct username and group.
- $HOME/.ssh
- $HOME/.ssh/id_rsa
- $HOME/.ssh/id_rsa.pub
- Check that the SSH private key password is correct. You can do this by trying to load the private key into the SSH agent with the command:
ssh-add