Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
SSH keys
========
Key management
-------------------------------------------------------------------
After logging in, you can see .ssh/ directory with SSH keys and
authorized_keys file:
$ cd /home/username/
$ ls -la .ssh/
total 24
drwx------ 2 username username 4096 May 13 15:12 .
drwxr-x---22 username username 4096 May 13 07:22 ..
-rw-r--r-- 1 username username 392 May 21 2014 authorized_keys
-rw------- 1 username username 1675 May 21 2014 id_rsa
-rw------- 1 username username 1460 May 21 2014 id_rsa.ppk
-rw-r--r-- 1 username username 392 May 21 2014 id_rsa.pub
Please note that private keys in
.ssh directory are without passphrase and allow you to connect within
the cluster.
### Access privileges on .ssh folder
- `.ssh` directory: 700 (drwx------)
directory:
700 (drwx------)
-
Authorized_keys, known_hosts and public key (`.pub` file): `644 (-rw-r--r--)`
known_hosts and
public key
(`.pub`
file):
`644 (-rw-r--r--)`
-
``
Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)`
(`id_rsa/id_rsa.ppk`
):
`600 (-rw-------)`
cd /home/username/
chmod 700 .ssh/
chmod 644 .ssh/authorized_keys
chmod 644 .ssh/id_rsa.pub
chmod 644 .ssh/known_hosts
chmod 600 .ssh/id_rsa
chmod 600 .ssh/id_rsa.ppk
Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)`
-----------
The path to a private key is usually /home/username/.ssh/
Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)` file in "id_rsa" or `"*.ppk" `format is used to
authenticate with the servers.
Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)` is present locally
on local side and used for example in SSH agent [Pageant (for Windows
users)](putty/PageantV.png). The private key should
always be kept in a safe place.
An example of private key
format:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAqbo7jokygnBpG2wYa5NB45ns6+UKTNLMLHF0BO3zmRtKEElE
aGqXfbYwvXlcuRb2d9/Y5dVpCZHV0kbY3NhtVOcEIe+1ROaiU9BEsUAhMNEvgiLV
gSql4QvRO4BWPlM8+WAWXDp3oeoBh8glXyuh9teb8yq98fv1r1peYGRrW3/s4V+q
O1SQ0XY2T7rWCYRLIP6rTMXArTI35v3WU513mn7nm1fJ7oN0QgVH5b0W9V1Kyc4l
9vILHeMXxvz+i/5jTEfLOJpiRGYZYcaYrE4dIiHPl3IlbV7hlkK23Xb1US8QJr5G
ADxp1VTkHjY+mKagEfxl1hQIb42JLHhKMEGqNQIDAQABAoIBAQCkypPuxZjL+vai
UGa5dAWiRZ46P2yrwHPKpvEdpCdDPbLAc1K/CtdBkHZsUPxNHVV6eFWweW99giIY
Av+mFWC58X8asBHQ7xkmxW0cqAZRzpkRAl9IBS9/fKjO28Fgy/p+suOi8oWbKIgJ
3LMkX0nnT9oz1AkOfTNC6Tv+3SE7eTj1RPcMjur4W1Cd1N3EljLszdVk4tLxlXBS
yl9NzVnJJbJR4t01l45VfFECgYEAno1WJSB/SwdZvS9GkfhvmZd3r4vyV9Bmo3dn
XZAh8HRW13imOnpklDR4FRe98D9A7V3yh9h60Co4oAUd6N+Oc68/qnv/8O9efA+M
/neI9ANYFo8F0+yFCp4Duj7zPV3aWlN/pd8TNzLqecqh10uZNMy8rAjCxybeZjWd
DyhgywXhAoGBAN3BCazNefYpLbpBQzwes+f2oStvwOYKDqySWsYVXeVgUI+OWTVZ
eZ26Y86E8MQO+q0TIxpwou+TEaUgOSqCX40Q37rGSl9K+rjnboJBYNCmwVp9bfyj
kCLL/3g57nTSqhgHNa1xwemePvgNdn6FZteA8sXiCg5ZzaISqWAffek5AoGBAMPw
V/vwQ96C8E3l1cH5cUbmBCCcfXM2GLv74bb1V3SvCiAKgOrZ8gEgUiQ0+TfcbAbe
7MM20vRNQjaLTBpai/BTbmqM1Q+r1KNjq8k5bfTdAoGANgzlNM9omM10rd9WagL5
yuJcal/03p048mtB4OI4Xr5ZJISHze8fK4jQ5veUT9Vu2Fy/w6QMsuRf+qWeCXR5
RPC2H0JzkS+2uZp8BOHk1iDPqbxWXJE9I57CxBV9C/tfzo2IhtOOcuJ4LY+sw+y/
ocKpJbdLTWrTLdqLHwicdn8OxeWot1mOukyK2l0UeDkY6H5pYPtHTpAZvRBd7ETL
Zs2RP3KFFvho6aIDGrY0wee740/jWotx7fbxxKwPyDRsbH3+1Wx/eX2RND4OGdkH
gejJEzpk/7y/P/hCad7bSDdHZwO+Z03HIRC0E8yQz+JYatrqckaRCtd7cXryTmTR
FbvLJmECgYBDpfno2CzcFJCTdNBZFi34oJRiDb+HdESXepk58PcNcgK3R8PXf+au
OqDBtZIuFv9U1WAg0gzGwt/0Y9u2c8m0nXziUS6AePxy5sBHs7g9C9WeZRz/nCWK
+cHIm7XOwBEzDKz5f9eBqRGipm0skDZNKl8X/5QMTT5K3Eci2n+lTw==
-----END RSA PRIVATE KEY-----
Public key
----------
Public key file in "*.pub" format is used to
verify a
digital signature. Public
key is present on the remote
side and allows access to
the owner of the matching private key.
An example of public key
format:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
### How to add your own key
First, generate a new keypair of your public and private key:
local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
Please, enter **strong** **passphrase** for securing your private key.
You can insert additional public key into authorized_keys file for
authentication with your own private key. Additional records in
authorized_keys file must be delimited by new line. Users are
not advised to remove the default public key from authorized_keys file.
Example:
$ cat additional_key.pub > ~/.ssh/authorized_keys
In this example, we add an additional public key, stored in file
additional_key.pub into the authorized_keys. Next time we log in, we
will be able to use the private addtional_key key to log in.
### How to remove your own key
Removing your key from authorized_keys can be done simply by deleting
the corresponding public key which can be identified by a comment at the
end of line (eg. username@organization.example.com).