Commit 08225533 authored by Jan Siwiec's avatar Jan Siwiec
Browse files

Merge branch 'ssh-keys' into 'master'

Ssh keys

See merge request sccs/docs.it4i.cz!351
parents 0984d3e8 a0235be5
......@@ -5,8 +5,6 @@
We recommend you to download "**A Windows installer for everything except PuTTYtel**" with **Pageant** (SSH authentication agent) and **PuTTYgen** (PuTTY key generator) which is available [here][a].
!!! note
After installation, you can proceed directly to private keys authentication using ["Putty"][1].
"Change Password for Existing Private Key" is optional.
"Generate a New Public/Private key pair" is intended for users without Public/Private key in the initial email containing login credentials.
......@@ -101,10 +99,14 @@ You can generate an additional public/private key pair and insert public key int
![](../../../img/PuttyKeygenerator_006V.png)
* Now you can insert an additional public key into the authorized_keys file for authentication with your own private key.
You must log in using the SSH key received after registration. Then proceed to [How to add your own key][2].
## Managing Your SSH Key
To manage your SSH key for authentication to clusters, see the [SSH Key Management][3] section.
[1]: ./ssh-key-management.md
[1]: #putty
[2]: ssh-keys.md#how-to-add-your-own-key
[3]: ./ssh-key-management.md
[a]: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
# SSH Key Management
When you first create an account with IT4Innovations, you receive an SSH key with your credentials. However, you can manage your own SSH key for authentication to clusters.
## Managing Your Own Key
1. Generate your SSH key (see the [OpenSSH Keys (UNIX)][1] or [PuTTY (Windows)][2] section).
1. Go to [https://extranet.it4i.cz/ssp/index.php?action=changesshkey][a]
1. Enter your username, password and public SSH key.
1. Changes will take effect immediately.
[1]: ./ssh-keys.md
[2]: ./putty.md
[a]: https://extranet.it4i.cz/ssp/index.php?action=changesshkey
# OpenSSH Keys (UNIX)
## Key Management
## Creating Your Own Key
After logging in, you can see the .ssh/ directory with SSH keys and the authorized_keys file:
To generate a new keypair of your public and private key, use the `ssh-keygen` tool:
```console
$ cd /home/username/
$ ls -la .ssh/
total 24
drwx------ 2 username username 4096 May 13 15:12 .
drwxr-x---22 username username 4096 May 13 07:22 ..
-rw-r--r-- 1 username username 392 May 21 2014 authorized_keys
-rw------- 1 username username 1675 May 21 2014 id_rsa
-rw------- 1 username username 1460 May 21 2014 id_rsa.ppk
-rw-r--r-- 1 username username 392 May 21 2014 id_rsa.pub
local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
```
!!! hint
Private keys in the .ssh directory are without a passphrase and allow you to connect within the cluster.
## Access Privileges on .ssh Folder
* .ssh directory: `700 (drwx------)`
* Authorized_keys, known_hosts and public key (.pub file): `644 (-rw-r--r--)`
* Private key (id_rsa/id_rsa.ppk): `600 (-rw-------)`
```console
$ cd /home/username/
$ chmod 700 .ssh/
$ chmod 644 .ssh/authorized_keys
$ chmod 644 .ssh/id_rsa.pub
$ chmod 644 .ssh/known_hosts
$ chmod 600 .ssh/id_rsa
$ chmod 600 .ssh/id_rsa.ppk
```
!!! note
Enter a **strong** **passphrase** for securing your private key.
## Private Key
......@@ -84,27 +60,8 @@ An example of public key format:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
```
## How to Add Your Own Key
First, generate a new keypair of your public and private key:
```console
local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
```
!!! note
Enter a **strong** **passphrase** for securing your private key.
You can insert an additional public key into the authorized_keys file for authentication with your own private key. Additional records in the authorized_keys file must be delimited by a new line. Users are not advised to remove the default public key from the authorized_keys file.
Example:
```console
$ cat additional_key.pub >> ~/.ssh/authorized_keys
```
In this example, we add an additional public key stored in the additional_key.pub file into the authorized_keys file. Next time we log in, we will be able to use the private addtional_key key to log in.
## Managing Your SSH Key
## How to Remove Your Own Key
To manage your SSH key for authentication to clusters, see the [SSH Key Management][1] section.
Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (e.g. _username@organization.example.com_).
[1]: ./ssh-key-management.md
......@@ -61,6 +61,7 @@ nav:
- Capacity Computing: general/capacity-computing.md
- Migrating from SLURM: general/slurmtopbs.md
- Connect to the Clusters:
- SSH Key Management: general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
- OpenSSH Keys (UNIX): general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
- PuTTY (Windows): general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
- X Window System: general/accessing-the-clusters/graphical-user-interface/x-window-system.md
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment