
Create an SSH key

Access to the INCD computing clusters is performed via SSH and requires the use of SSH keys for authentication. Authentication with passwords is not supported. Each SSH key pair has two components: a public key that must be added to the hosts to be remotely accessed, and a private key that must remain on the user's workstation or laptop. The private key must be protected with a password. Users must generate their own SSH key pair on a machine of their own (workstation, laptop, etc). To generate an SSH key pair, follow these instructions.

Linux

  • Users must generate the SSH key pair on a computer of their own (desktop, notebook etc).
  • The passphrase is used to protect the private key. IMPORTANT: please choose a strong password with uppercase and lowercase characters, numbers and symbols.
$ ssh-keygen -b 4096 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa): 
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):           ----> IMPORTANT: Choose a strong password 
Enter same passphrase again:                          ----> IMPORTANT: Choose a strong password
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
  • ssh-keygen will create a pair of keys, private (id_rsa) and public (id_rsa.pub). These files are created in the user's home directory, usually under $HOME/.ssh
  • The file and directory protections of $HOME/.ssh should be as follows:
ls -la $HOME/.ssh/
total 8
drwx------ 3 username group 4096 Jan 11 18:12 .
-rw------- 1 username group 1743 Feb 19 10:52 id_rsa
-rw-r--r-- 1 username group  404 Feb 19 10:52 id_rsa.pub
  • Users must send to the INCD administrators only the public key id_rsa.pub
  • The private key must be kept private and must NEVER be shared with other persons.

Microsoft Windows

  • For users accessing the INCD public machines we recommend the use of terminal emulators in Windows like MobaXterm.
    • MobaXterm works both as a terminal and as an X Window server, which allows graphical X11 windows from the remote Linux host to be displayed on your desktop.
    • MobaXterm documentation is available here
    • Key pairs can be generated with ssh-keygen -b 4096 -t rsa
    • You can also create and manage your SSH keys using the embedded MobaKeyGen application (available in the "Tools" menu).

  • Windows users can also generate SSH keys using PuTTY
    • Download and install PuTTY
    • Generate the key on your Windows machine; see these examples:
    • IMPORTANT: notice that PuTTY does not work as an X Window graphics server.

  • Users must send to the INCD administrators only the public key id_rsa.pub
  • The private key must be kept private and must NEVER be shared with other persons.

General remarks

  • If the INCD helpdesk confirms that your public key was installed and you still cannot log in, please check the following:

    1. That you are trying to access the correct INCD login hostname as indicated by the INCD helpdesk.
    2. That you are trying to access the INCD host from the same machine and user account where you generated the SSH key pair.
    3. That the permissions and ownership of your SSH directory and contained files are correct. The relevant Linux directory and files are:
      • $HOME/.ssh
      • $HOME/.ssh/id_rsa
      • $HOME/.ssh/id_rsa.pub
    4. That the SSH private key password is correct. In Linux you can do this by trying to load the private key into the SSH agent with the command: ssh-add
    5. That the INCD login host is reachable. From Linux you can use the command nmap -P0 -p22 hostname. The returned port STATE for the SERVICE ssh (PORT 22/TCP) must be open. If the hostname does not resolve or the STATE is different from open (e.g. filtered), you may have a network connectivity problem.
  • If you still cannot log in, please contact the INCD helpdesk.
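
The permission and passphrase requirements from the Linux section and from check 3 of the general remarks can be verified in one pass. This is an added shell example, not part of the original INCD page: the function names are hypothetical, the expected modes are taken from the ls -la listing above, and the passphrase test assumes OpenSSH's ssh-keygen is installed.

```shell
#!/bin/sh
# Added example (hypothetical function names). Expected modes are the ones
# in the page's "ls -la $HOME/.ssh/" listing: 700 / 600 / 644.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_mode PATH EXPECTED: report the result, return 1 on any mismatch.
check_mode() {
    actual=$(mode_of "$1") || { echo "MISSING $1"; return 1; }
    if [ "$actual" = "$2" ]; then
        echo "OK      $1 ($actual)"
    else
        echo "FIX     $1 is $actual, expected $2 (chmod $2 $1)"
        return 1
    fi
}

# Succeeds when the private key loads with an EMPTY passphrase, i.e. the
# key is NOT protected as the page requires.
key_unprotected() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# check_ssh_dir [DIR]: returns 0 only if every check passes.
check_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    check_mode "$dir" 700 || rc=1
    check_mode "$dir/id_rsa" 600 || rc=1
    check_mode "$dir/id_rsa.pub" 644 || rc=1
    # ssh-keygen rejects keys with loose permissions, so the passphrase
    # test is only meaningful once id_rsa is already 600.
    if [ "$(mode_of "$dir/id_rsa")" = 600 ] &&
        command -v ssh-keygen >/dev/null 2>&1 &&
        key_unprotected "$dir/id_rsa"; then
        echo "FIX     $dir/id_rsa has no passphrase (ssh-keygen -p -f $dir/id_rsa)"
        rc=1
    fi
    return $rc
}

# Run against the directory given as first argument, if any.
if [ $# -gt 0 ]; then
    check_ssh_dir "$1"
fi
```

Save it as a script and pass the directory to check, for example "$HOME/.ssh"; a non-zero exit status means at least one line was reported as FIX or MISSING.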