SSH keys 
========

  

 Key management
-------------------------------------------------------------------

After logging in, you can see .ssh/ directory with SSH keys and
authorized_keys file:

    $ cd /home/username/
    $ ls -la .ssh/
    total 24
    drwx------ 2 username username 4096 May 13 15:12 .
    drwxr-x---22 username username 4096 May 13 07:22 ..
    -rw-r--r-- 1 username username  392 May 21  2014 authorized_keys
    -rw------- 1 username username 1675 May 21  2014 id_rsa
    -rw------- 1 username username 1460 May 21  2014 id_rsa.ppk
    -rw-r--r-- 1 username username  392 May 21  2014 id_rsa.pub

 Please note that private keys in
.ssh directory are without passphrase and allow you to connect within
the cluster.

### Access privileges on .ssh folder

-   `.ssh`     directory: 700 (drwx------)
    
     directory: 
    700 (drwx------)
-   
    Authorized_keys, known_hosts and public key (`.pub` file): `644 (-rw-r--r--)` 
    
    
    known_hosts and
     public key 
    (`.pub`
    
     file): 
    
    `644 (-rw-r--r--)`
-    
    ``
     
    Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)`
    (`id_rsa/id_rsa.ppk`
    ): 
    `600 (-rw-------)`
    
    

    cd /home/username/
    chmod 700 .ssh/
    chmod 644 .ssh/authorized_keys
    chmod 644 .ssh/id_rsa.pub
    chmod 644 .ssh/known_hosts
    chmod 600 .ssh/id_rsa
    chmod 600 .ssh/id_rsa.ppk

Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)`
-----------

The path to a private key is usually /home/username/.ssh/

Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)` file in "id_rsa" or `"*.ppk" `format is used to
authenticate with the servers. 
Private key (`id_rsa/id_rsa.ppk` ): `600 (-rw-------)` is present locally
on local side and used for example in SSH agent [Pageant (for Windows
users)](putty/PageantV.png). The private key should
always be kept in a safe place.

 An example of private key
format:

    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEAqbo7jokygnBpG2wYa5NB45ns6+UKTNLMLHF0BO3zmRtKEElE
    aGqXfbYwvXlcuRb2d9/Y5dVpCZHV0kbY3NhtVOcEIe+1ROaiU9BEsUAhMNEvgiLV
    gSql4QvRO4BWPlM8+WAWXDp3oeoBh8glXyuh9teb8yq98fv1r1peYGRrW3/s4V+q
    O1SQ0XY2T7rWCYRLIP6rTMXArTI35v3WU513mn7nm1fJ7oN0QgVH5b0W9V1Kyc4l
    9vILHeMXxvz+i/5jTEfLOJpiRGYZYcaYrE4dIiHPl3IlbV7hlkK23Xb1US8QJr5G
    ADxp1VTkHjY+mKagEfxl1hQIb42JLHhKMEGqNQIDAQABAoIBAQCkypPuxZjL+vai
    UGa5dAWiRZ46P2yrwHPKpvEdpCdDPbLAc1K/CtdBkHZsUPxNHVV6eFWweW99giIY
    Av+mFWC58X8asBHQ7xkmxW0cqAZRzpkRAl9IBS9/fKjO28Fgy/p+suOi8oWbKIgJ
    3LMkX0nnT9oz1AkOfTNC6Tv+3SE7eTj1RPcMjur4W1Cd1N3EljLszdVk4tLxlXBS
    yl9NzVnJJbJR4t01l45VfFECgYEAno1WJSB/SwdZvS9GkfhvmZd3r4vyV9Bmo3dn
    XZAh8HRW13imOnpklDR4FRe98D9A7V3yh9h60Co4oAUd6N+Oc68/qnv/8O9efA+M
    /neI9ANYFo8F0+yFCp4Duj7zPV3aWlN/pd8TNzLqecqh10uZNMy8rAjCxybeZjWd
    DyhgywXhAoGBAN3BCazNefYpLbpBQzwes+f2oStvwOYKDqySWsYVXeVgUI+OWTVZ
    eZ26Y86E8MQO+q0TIxpwou+TEaUgOSqCX40Q37rGSl9K+rjnboJBYNCmwVp9bfyj
    kCLL/3g57nTSqhgHNa1xwemePvgNdn6FZteA8sXiCg5ZzaISqWAffek5AoGBAMPw
    V/vwQ96C8E3l1cH5cUbmBCCcfXM2GLv74bb1V3SvCiAKgOrZ8gEgUiQ0+TfcbAbe
    7MM20vRNQjaLTBpai/BTbmqM1Q+r1KNjq8k5bfTdAoGANgzlNM9omM10rd9WagL5
    yuJcal/03p048mtB4OI4Xr5ZJISHze8fK4jQ5veUT9Vu2Fy/w6QMsuRf+qWeCXR5
    RPC2H0JzkS+2uZp8BOHk1iDPqbxWXJE9I57CxBV9C/tfzo2IhtOOcuJ4LY+sw+y/
    ocKpJbdLTWrTLdqLHwicdn8OxeWot1mOukyK2l0UeDkY6H5pYPtHTpAZvRBd7ETL
    Zs2RP3KFFvho6aIDGrY0wee740/jWotx7fbxxKwPyDRsbH3+1Wx/eX2RND4OGdkH
    gejJEzpk/7y/P/hCad7bSDdHZwO+Z03HIRC0E8yQz+JYatrqckaRCtd7cXryTmTR
    FbvLJmECgYBDpfno2CzcFJCTdNBZFi34oJRiDb+HdESXepk58PcNcgK3R8PXf+au
    OqDBtZIuFv9U1WAg0gzGwt/0Y9u2c8m0nXziUS6AePxy5sBHs7g9C9WeZRz/nCWK
    +cHIm7XOwBEzDKz5f9eBqRGipm0skDZNKl8X/5QMTT5K3Eci2n+lTw==
    -----END RSA PRIVATE KEY-----

Public key
----------

Public key file in "*.pub" format is used to 
verify a
 
digital signature. Public 
key is present on the remote
side and  allows access to
the owner of the matching private key.

 An example of public key
format:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com

### How to add your own key

First, generate a new keypair of your public and private key:

    local $ ssh-keygen -C 'username@organization.example.com' -f additional_key

Please, enter **strong** **passphrase** for securing your private key.

You can insert additional public key into authorized_keys file for
authentication with your own private key. Additional records in
authorized_keys file must be delimited by new line. Users are
not advised to remove the default public key from authorized_keys file.

Example:

    $ cat additional_key.pub > ~/.ssh/authorized_keys

In this example, we add an additional public key, stored in file
additional_key.pub into the authorized_keys. Next time we log in, we
will be able to use the private addtional_key key to log in.

### How to remove your own key

Removing your key from authorized_keys can be done simply by deleting
the corresponding public key which can be identified by a comment at the
end of line (eg. username@organization.example.com).