From a0235be579e7f7646f0f7ba4589ed611378c9deb Mon Sep 17 00:00:00 2001
From: Jan Siwiec <jan.siwiec@vsb.cz>
Date: Tue, 14 Dec 2021 08:57:18 +0100
Subject: [PATCH] Ssh keys

---
 .../shell-access-and-data-transfer/putty.md   | 10 ++--
 .../ssh-key-management.md                     | 18 ++++++
 .../ssh-keys.md                               | 59 +++----------------
 mkdocs.yml                                    |  1 +
 4 files changed, 33 insertions(+), 55 deletions(-)
 create mode 100644 docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md

diff --git a/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/putty.md b/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
index b8772402e..2a70370b4 100644
--- a/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
+++ b/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
@@ -5,8 +5,6 @@
 We recommend you to download "**A Windows installer for everything except PuTTYtel**" with **Pageant** (SSH authentication agent) and **PuTTYgen** (PuTTY key generator) which is available [here][a].
 
 !!! note
-    After installation, you can proceed directly to private keys authentication using ["Putty"][1].
-
     "Change Password for Existing Private Key" is optional.
 
     "Generate a New Public/Private key pair" is intended for users without Public/Private key in the initial email containing login credentials.
@@ -101,10 +99,14 @@ You can generate an additional public/private key pair and insert public key int
 
 ![](../../../img/PuttyKeygenerator_006V.png)
 
-* Now you can insert an additional public key into the authorized_keys file for authentication with your own private key.
-      You must log in using the SSH key received after registration. Then proceed to [How to add your own key][2].
+## Managing Your SSH Key
+
+To manage your SSH key for authentication to clusters, see the [SSH Key Management][3] section.
+
+[1]: ./ssh-key-management.md
 
 [1]: #putty
 [2]: ssh-keys.md#how-to-add-your-own-key
+[3]: ./ssh-key-management.md
 
 [a]: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
diff --git a/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md b/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
new file mode 100644
index 000000000..4040ee6d8
--- /dev/null
+++ b/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
@@ -0,0 +1,18 @@
+# SSH Key Management
+
+When you first create an account with IT4Innovations, you receive an SSH key with your credentials. However, you can manage your own SSH key for authentication to clusters.
+
+## Managing Your Own Key
+
+1. Generate your SSH key (see the [OpenSSH Keys (UNIX)][1] or [PuTTY (Windows)][2] section).
+
+1. Go to [https://extranet.it4i.cz/ssp/index.php?action=changesshkey][a]
+
+1. Enter your username, password and public SSH key.
+
+1. Changes will take effect immediately.
+
+[1]: ./ssh-keys.md
+[2]: ./putty.md
+
+[a]: https://extranet.it4i.cz/ssp/index.php?action=changesshkey
diff --git a/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md b/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
index a1c301154..ccbf8445d 100644
--- a/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
+++ b/docs.it4i/general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
@@ -1,39 +1,15 @@
 # OpenSSH Keys (UNIX)
 
-## Key Management
+## Creating Your Own Key
 
-After logging in, you can see the .ssh/ directory with SSH keys and the authorized_keys file:
+To generate a new keypair of your public and private key, use the `ssh-keygen` tool:
 
 ```console
-$ cd /home/username/
-$ ls -la .ssh/
-    total 24
-    drwx------ 2 username username 4096 May 13 15:12 .
-    drwxr-x---22 username username 4096 May 13 07:22 ..
-    -rw-r--r-- 1 username username 392 May 21 2014 authorized_keys
-    -rw------- 1 username username 1675 May 21 2014 id_rsa
-    -rw------- 1 username username 1460 May 21 2014 id_rsa.ppk
-    -rw-r--r-- 1 username username 392 May 21 2014 id_rsa.pub
+local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
 ```
 
-!!! hint
-    Private keys in the .ssh directory are without a passphrase and allow you to connect within the cluster.
-
-## Access Privileges on .ssh Folder
-
-* .ssh directory: `700 (drwx------)`
-* Authorized_keys, known_hosts and public key (.pub file): `644 (-rw-r--r--)`
-* Private key (id_rsa/id_rsa.ppk): `600 (-rw-------)`
-
-```console
-$ cd /home/username/
-$ chmod 700 .ssh/
-$ chmod 644 .ssh/authorized_keys
-$ chmod 644 .ssh/id_rsa.pub
-$ chmod 644 .ssh/known_hosts
-$ chmod 600 .ssh/id_rsa
-$ chmod 600 .ssh/id_rsa.ppk
-```
+!!! note
+    Enter a **strong** **passphrase** for securing your private key.
 
 ## Private Key
 
@@ -84,27 +60,8 @@ An example of public key format:
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
 ```
 
-## How to Add Your Own Key
-
-First, generate a new keypair of your public and private key:
-
-```console
-local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
-```
-
-!!! note
-    Enter a **strong** **passphrase** for securing your private key.
-
-You can insert an additional public key into the authorized_keys file for authentication with your own private key. Additional records in the authorized_keys file must be delimited by a new line. Users are not advised to remove the default public key from the authorized_keys file.
-
-Example:
-
-```console
-$ cat additional_key.pub >> ~/.ssh/authorized_keys
-```
-
-In this example, we add an additional public key stored in the additional_key.pub file into the authorized_keys file. Next time we log in, we will be able to use the private addtional_key key to log in.
+## Managing Your SSH Key
 
-## How to Remove Your Own Key
+To manage your SSH key for authentication to clusters, see the [SSH Key Management][1] section.
 
-Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (e.g. _username@organization.example.com_).
+[1]: ./ssh-key-management.md
diff --git a/mkdocs.yml b/mkdocs.yml
index f0eafb1a4..d88a86d50 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -61,6 +61,7 @@ nav:
       - Capacity Computing: general/capacity-computing.md
       - Migrating from SLURM: general/slurmtopbs.md
     - Connect to the Clusters:
+      - SSH Key Management: general/accessing-the-clusters/shell-access-and-data-transfer/ssh-key-management.md
       - OpenSSH Keys (UNIX): general/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
       - PuTTY (Windows): general/accessing-the-clusters/shell-access-and-data-transfer/putty.md
       - X Window System: general/accessing-the-clusters/graphical-user-interface/x-window-system.md
-- 
GitLab