Ssh without password: Difference between revisions

From HPCwiki
Jump to navigation Jump to search
No edit summary
No edit summary
(16 intermediate revisions by 3 users not shown)
Line 7: Line 7:
* Type the following to generate the ssh key:
* Type the following to generate the ssh key:
<source lang='bash'>
<source lang='bash'>
ssh-keygen -t dsa
ssh-keygen -t ed25519 -a 200 -C $USER@$(hostname)
</source>
</source>
* Accept the default key location by pressing <code>Enter</code>.
* Accept the default key location by pressing <code>Enter</code>.
* Please use a different password/passphrase for your SSH key than your WUR password.
* Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files
* Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files
<source lang='bash'>
<source lang='bash'>
chmod go-w $HOME
chmod go-wx $HOME
chmod 700 $HOME/.ssh
chmod 700 $HOME/.ssh
chmod go-rwx $HOME/.ssh/*
chmod 600 $HOME/.ssh/*
</source>
</source>
* Type the following to copy the key to the remote server (this will prompt for a password).
* Type the following to copy the key to the remote server (this will prompt for a password).
<source lang='bash'>
<source lang='bash'>
cd ~/.ssh
ssh-copy-id remote_username@remote_host
scp id_dsa.pub remote_username@remote_host:/tmp
</source>
</source>
* Type the following to add the ssh key to the remote user's authorization keys (this will prompt for a password).
ssh remote_username@remote_host 'cat /tmp/id_dsa.pub >>/home/


=== Step 2: configure the public key from the local computer on the remote computer ===
== Configuring ssh without password for Anunna ==
* log in to the remote computer using ssh (this will prompt for a password)
 
* Create a public key as in Step 1 of the previous section and copy it to Anunna. Note that a public/private key pair needs to be made only once per machine.
* Similar to step 2 of the previous section, add the public key to the <code>$HOME/.ssh/authorized_keys2</code> file. There is already a <code>$HOME/.ssh/authorized_keys</code> present. You may append the key to this file as an alternative, but take care not to remove content that is already there. The cluster is configured so that passwordless communication will all other nodes is default.
 
== Configuring ssh without password using PuTTY ==
Use pAGEaNT: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html to generate local keys. You'll want have a copy of the pubkey in plaintext available.
 
Make sure to paste that plaintext string into ~/.ssh/authorized_keys in one single line. Chmod the file 600 (so it shows -rw------- in ls -l) and the directory .ssh to 700 (drwx------).
 
Now PuTTY will login passwordlessly whenever pAGEaNT is running.
 
Finally, get pAGEaNT to load on startup: http://blog.shvetsov.com/2010/03/making-pageant-automatically-load-keys.html
 
== Configuring ssh without password on a Mac ==
* Create a public key as in Step 1 of the first section and copy it to Anunna.
* Add the passphrase that you entered above to the keychain on your mac:
ssh-add -K /path/to/private/key/file
 
== Selecting which settings to use ==
 
To have your SSH client to use certain settings, one can use a config file, at ~/.ssh/config
 
For example :
<source lang='bash'>
<source lang='bash'>
ssh remote_username@remote_host
 
</source>
Host *.wurnet.nl *.wur.nl
* copy the public key generated on the local computer, that was copied to <code>/tmp</code> on the remote computer, is now appended to <code>.ssh/authorized_keys</code>.
    User                    haars001
<source lang='bash'>
    Compression            no
cat /tmp/id_dsa.pub >>$HOME/.ssh/authorized_keys2
    RequestTTY              force
</source>
 
* similar to your local computer, make sure the permission on your remote home folder, .ssh folder, and authentication files are properly set (NOTE: this may already be the case).<source lang='bash'>
Host *
<source lang='bash'>
    Compression            yes
chmod go-w $HOME
    Protocol                2
chmod 700 $HOME/.ssh
    ServerAliveInterval    120
chmod go-rwx $HOME/.ssh/*
    ServerAliveCountMax    50
    TCPKeepAlive            no
    ConnectTimeout          60
    IdentityFile ~/.ssh/id_ed25519
    AddKeysToAgent yes
 
</source>
</source>
As the config file is used top to bottom, the connection wur(net).nl servers will be using no compression, but the rest of the servers you might access will.
More options and settings can be found by using `man ssh_config`
== See also ==
* [[log_in_to_Anunna | Logging into cluster using ssh and file transfer]]
== External Links ==

Revision as of 11:22, 8 January 2021

Secure shell (ssh) protocols can be configure to work without protocols. This is particularly helpful for machines that are used often.

Configuring ssh without password from a POSIX-compliant terminal

Step 1: create a public key and copy to remote computer

  • Log into a local Linux or MacOSX computer
  • Type the following to generate the ssh key:

<source lang='bash'> ssh-keygen -t ed25519 -a 200 -C $USER@$(hostname) </source>

  • Accept the default key location by pressing Enter.
  • Please use a different password/passphrase for your SSH key than your WUR password.
  • Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files

<source lang='bash'> chmod go-wx $HOME chmod 700 $HOME/.ssh chmod 600 $HOME/.ssh/* </source>

  • Type the following to copy the key to the remote server (this will prompt for a password).

<source lang='bash'> ssh-copy-id remote_username@remote_host </source>

Configuring ssh without password for Anunna

  • Create a public key as in Step 1 of the previous section and copy it to Anunna. Note that a public/private key pair needs to be made only once per machine.
  • Similar to step 2 of the previous section, add the public key to the $HOME/.ssh/authorized_keys2 file. There is already a $HOME/.ssh/authorized_keys present. You may append the key to this file as an alternative, but take care not to remove content that is already there. The cluster is configured so that passwordless communication will all other nodes is default.

Configuring ssh without password using PuTTY

Use pAGEaNT: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html to generate local keys. You'll want have a copy of the pubkey in plaintext available.

Make sure to paste that plaintext string into ~/.ssh/authorized_keys in one single line. Chmod the file 600 (so it shows -rw------- in ls -l) and the directory .ssh to 700 (drwx------).

Now PuTTY will login passwordlessly whenever pAGEaNT is running.

Finally, get pAGEaNT to load on startup: http://blog.shvetsov.com/2010/03/making-pageant-automatically-load-keys.html

Configuring ssh without password on a Mac

  • Create a public key as in Step 1 of the first section and copy it to Anunna.
  • Add the passphrase that you entered above to the keychain on your mac:
ssh-add -K /path/to/private/key/file

Selecting which settings to use

To have your SSH client to use certain settings, one can use a config file, at ~/.ssh/config

For example : <source lang='bash'>

Host *.wurnet.nl *.wur.nl 

   User                    haars001
   Compression             no
   RequestTTY              force

Host * 

   Compression             yes
   Protocol                2
   ServerAliveInterval     120
   ServerAliveCountMax     50
   TCPKeepAlive            no
   ConnectTimeout          60
   IdentityFile ~/.ssh/id_ed25519
   AddKeysToAgent yes

</source>

As the config file is used top to bottom, the connection wur(net).nl servers will be using no compression, but the rest of the servers you might access will. More options and settings can be found by using `man ssh_config`

See also

External Links

Retrieved from "https://wiki.anunna.wur.nl/index.php?title=Ssh_without_password&oldid=2098"