Ssh without password: Difference between revisions
No edit summary |
|||
(26 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
Secure shell (ssh) protocols can be configure to work without | Secure shell (ssh) protocols can be configure to work without entering your password every time. This is particularly helpful for machines that are used often. | ||
Although we mention that you can use SSH keys without passwords, that is something you should really not do, if someone gets a hold of your keys (without password), they can access our servers as if they are you, and thus incur costs/manage data in your name. | |||
== Configuring ssh without password from a POSIX-compliant terminal == | == Configuring ssh without password from a POSIX-compliant terminal == | ||
=== Step 1: create a public key and copy to remote computer === | |||
* Log into a local Linux or MacOSX computer | * Log into a local Linux or MacOSX computer | ||
* Type the following to generate the ssh key: | * Type the following to generate the ssh key: | ||
< | <pre> | ||
ssh-keygen -t | ssh-keygen -t ed25519 -a 200 -C $USER@$(hostname) | ||
</ | </pre> | ||
* Accept the default key location by pressing <code>Enter</code>. | * Accept the default key location by pressing <code>Enter</code>. | ||
* Please use a '''different''' password/passphrase for your SSH key than your WUR password. | |||
* Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files | * Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files | ||
< | <pre> | ||
chmod go- | chmod go-wx $HOME | ||
chmod 700 $HOME/.ssh | chmod 700 $HOME/.ssh | ||
chmod | chmod 600 $HOME/.ssh/* | ||
</ | </pre> | ||
* Type the following to copy the key to the remote server. | * Type the following to copy the key to the remote server (this will prompt for a password). | ||
< | <pre> | ||
ssh-copy-id remote_username@remote_host | |||
</pre> | |||
</ | |||
== Configuring ssh without password for Anunna == | |||
* Create a public key as in Step 1 of the previous section and copy it to Anunna. Note that a public/private key pair needs to be made only once per machine. | |||
* Similar to step 2 of the previous section, add the public key to the <code>$HOME/.ssh/authorized_keys2</code> file. There is already a <code>$HOME/.ssh/authorized_keys</code> present. You may append the key to this file as an alternative, but take care not to remove content that is already there. The cluster is configured so that passwordless communication will all other nodes is default. | |||
== Configuring ssh without password using PuTTY == | |||
Use '''pageant''': http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html to generate local keys. You'll want have a copy of the pubkey in plaintext available. | |||
Make sure to paste that plaintext string into ~/.ssh/authorized_keys in one single line. Chmod the file 600 (so it shows -rw------- in ls -l) and the directory .ssh to 700 (drwx------). | |||
Now PuTTY will login passwordlessly whenever '''pageant''' is running. | |||
Finally, get '''pageant''' to load on startup: http://blog.shvetsov.com/2010/03/making-pageant-automatically-load-keys.html | |||
== Configuring ssh without password using MobaXterm == | |||
Have a look here: https://docs.gcc.rug.nl/hyperchicken/generate-key-pair-mobaxterm/ | |||
== Configuring ssh without password using WinSCP == | |||
WinSCP has provided a detailed instruction in https://winscp.net/eng/docs/public_key, and https://winscp.net/eng/docs/ui_login_authentication | |||
== Configuring ssh without password on a Mac == | |||
* Create a public key as in Step 1 of the first section and copy it to Anunna. | |||
* Add the passphrase that you entered above to the keychain on your mac: | |||
ssh-add -K /path/to/private/key/file | |||
== Selecting which settings to use == | |||
To have your SSH client to use certain settings, one can use a config file, at ~/.ssh/config | |||
For example : | |||
<pre> | |||
Host *.wurnet.nl *.wur.nl | |||
User haars001 | |||
Compression no | |||
RequestTTY force | |||
Host * | |||
Compression yes | |||
Protocol 2 | |||
ServerAliveInterval 120 | |||
ServerAliveCountMax 50 | |||
TCPKeepAlive no | |||
ConnectTimeout 60 | |||
IdentityFile ~/.ssh/id_ed25519 | |||
AddKeysToAgent yes | |||
</pre> | |||
As the config file is used top to bottom, the connection wur(net).nl servers will be using no compression, but the rest of the servers you might access will. | |||
More options and settings can be found by using `man ssh_config` | |||
== See also == | |||
* [[log_in_to_Anunna | Logging into cluster using ssh and file transfer]] | |||
== External Links == |
Latest revision as of 14:47, 21 November 2024
Secure shell (ssh) protocols can be configure to work without entering your password every time. This is particularly helpful for machines that are used often. Although we mention that you can use SSH keys without passwords, that is something you should really not do, if someone gets a hold of your keys (without password), they can access our servers as if they are you, and thus incur costs/manage data in your name.
Configuring ssh without password from a POSIX-compliant terminal
Step 1: create a public key and copy to remote computer
- Log into a local Linux or MacOSX computer
- Type the following to generate the ssh key:
ssh-keygen -t ed25519 -a 200 -C $USER@$(hostname)
- Accept the default key location by pressing
Enter
. - Please use a different password/passphrase for your SSH key than your WUR password.
- Secure permission of your authentication keys by closing permission to your home directory, .ssh directory, and authentication files
chmod go-wx $HOME chmod 700 $HOME/.ssh chmod 600 $HOME/.ssh/*
- Type the following to copy the key to the remote server (this will prompt for a password).
ssh-copy-id remote_username@remote_host
Configuring ssh without password for Anunna
- Create a public key as in Step 1 of the previous section and copy it to Anunna. Note that a public/private key pair needs to be made only once per machine.
- Similar to step 2 of the previous section, add the public key to the
$HOME/.ssh/authorized_keys2
file. There is already a$HOME/.ssh/authorized_keys
present. You may append the key to this file as an alternative, but take care not to remove content that is already there. The cluster is configured so that passwordless communication will all other nodes is default.
Configuring ssh without password using PuTTY
Use pageant: http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter9.html to generate local keys. You'll want have a copy of the pubkey in plaintext available.
Make sure to paste that plaintext string into ~/.ssh/authorized_keys in one single line. Chmod the file 600 (so it shows -rw------- in ls -l) and the directory .ssh to 700 (drwx------).
Now PuTTY will login passwordlessly whenever pageant is running.
Finally, get pageant to load on startup: http://blog.shvetsov.com/2010/03/making-pageant-automatically-load-keys.html
Configuring ssh without password using MobaXterm
Have a look here: https://docs.gcc.rug.nl/hyperchicken/generate-key-pair-mobaxterm/
Configuring ssh without password using WinSCP
WinSCP has provided a detailed instruction in https://winscp.net/eng/docs/public_key, and https://winscp.net/eng/docs/ui_login_authentication
Configuring ssh without password on a Mac
- Create a public key as in Step 1 of the first section and copy it to Anunna.
- Add the passphrase that you entered above to the keychain on your mac:
ssh-add -K /path/to/private/key/file
Selecting which settings to use
To have your SSH client to use certain settings, one can use a config file, at ~/.ssh/config
For example :
Host *.wurnet.nl *.wur.nl User haars001 Compression no RequestTTY force Host * Compression yes Protocol 2 ServerAliveInterval 120 ServerAliveCountMax 50 TCPKeepAlive no ConnectTimeout 60 IdentityFile ~/.ssh/id_ed25519 AddKeysToAgent yes
As the config file is used top to bottom, the connection wur(net).nl servers will be using no compression, but the rest of the servers you might access will. More options and settings can be found by using `man ssh_config`