|
Size: 1273
Comment:
|
Size: 3006
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = SSH key Management = | = SSH Key Management = SSH Keys is a way of identifying yourself to an SSH server using cryptography instead of the traditional username and password combination. This method has several advantages over the password based authentication: the passwords are not sent to trough the network, there is no risk for brute force attacks and when using together with the SSH agent it is possible to login to multiple servers without entering your credentials again and again. At IFCA it is highly reccomended to use SSH Key authentication for accessing the [[Cluster]]. We reccomend the reading of the fantastic [[https://wiki.archlinux.org/index.php/SSH_Keys|Arch Linux SSH Keys guide]] for more details. Some instructions are provided below though. |
| Line 7: | Line 19: |
| Check [[/Putty]] for more information. | Check [[/Putty|this page]] for more information. |
| Line 11: | Line 23: |
| Check [[/Linux|this page]] for more information. |
|
| Line 12: | Line 26: |
Once you have your key ready, you must install it on the server you are going to access. === Using the authorized_keys file === You have to access (using SSH and your username and password) to the machine where you want to use your public key and add the contents of your public key file to the `.ssh/authorized_keys`. If you are using GNU/Linux, you can add it with the following command: {{{ $ ssh-copy-id username@gridui.ifca.es }}} This will install your ssh public key both infrastructures (Scientific Linux 5 and Scientific Linux 6). |
|
| Line 15: | Line 43: |
| 1. Login to https://cerbero.ifca.es | Authentication at IFCA is centralized, meaning that you can install your key centrally at https://cerbero.ifca.es/ and use it when accessing any Scientific Linux 6 machines (that is, the new gridui cluster that can be accessed trough `griduisl6.ifca.es`. {{{#!wiki caution Note that this method will only work for Scientific Linux 6 machines (i.e. `griduisl6.ifca.es`). }}} 1. Login to https://cerbero.ifca.es |
| Line 18: | Line 52: |
| 2. Click "POSIX" in order to edit your POSIX settings. | 2. Click `POSIX` in order to edit your POSIX settings. |
| Line 21: | Line 55: |
| 3. Click "Edit" button. | 3. Click `Edit` button. |
| Line 24: | Line 58: |
| 4. Click "Edit public ssh keys..." button. | 4. Click `Edit public ssh keys...` button. |
| Line 27: | Line 61: |
| 5. From this screen you can manage the the public SSH keys that you have added to your account. You can have several keys (for example, one for the office PC, another, for your laptop, etc.). Click "Browse" to select the file of your public key and upload it to the server. | 5. From this screen you can manage the the public SSH keys that you have added to your account. You can have several keys (for example, one for the office PC, another, for your laptop, etc.). Click `Browse` to select the file of your public key and upload it to the server. |
| Line 30: | Line 64: |
| 6. Search the file containing your public key and upload it. | 6. Search the file containing your public key and upload it. |
| Line 33: | Line 67: |
| 7. Click "Upload" and your public key will be added. | 7. Click `Upload` and your public key will be added. |
| Line 36: | Line 70: |
| 8. You're almost done, your key has been added. Click save to accept the changes. | 8. You're almost done, your key has been added. Click `Save` to accept the changes. |
| Line 39: | Line 73: |
| 9. Click "OK" and now you will be able to login using your SSH key. | 9. Click `OK` and now you will be able to login using your SSH key. |
| Line 42: | Line 76: |
=== Using the authorized_keys file === |
---- CategoryUserSupport |
SSH Key Management
SSH Keys is a way of identifying yourself to an SSH server using cryptography instead of the traditional username and password combination. This method has several advantages over the password based authentication: the passwords are not sent to trough the network, there is no risk for brute force attacks and when using together with the SSH agent it is possible to login to multiple servers without entering your credentials again and again.
At IFCA it is highly reccomended to use SSH Key authentication for accessing the Cluster.
We reccomend the reading of the fantastic Arch Linux SSH Keys guide for more details. Some instructions are provided below though.
1. SSH Key creation
1.1. Windows (PuTTY)
Check this page for more information.
1.2. Linux
Check this page for more information.
2. Upload key
Once you have your key ready, you must install it on the server you are going to access.
2.1. Using the authorized_keys file
You have to access (using SSH and your username and password) to the machine where you want to use your public key and add the contents of your public key file to the .ssh/authorized_keys. If you are using GNU/Linux, you can add it with the following command:
$ ssh-copy-id username@gridui.ifca.es
This will install your ssh public key both infrastructures (Scientific Linux 5 and Scientific Linux 6).
2.2. Using cerbero
Authentication at IFCA is centralized, meaning that you can install your key centrally at https://cerbero.ifca.es/ and use it when accessing any Scientific Linux 6 machines (that is, the new gridui cluster that can be accessed trough griduisl6.ifca.es.
Note that this method will only work for Scientific Linux 6 machines (i.e. griduisl6.ifca.es).
Login to https://cerbero.ifca.es
Click POSIX in order to edit your POSIX settings.
Click Edit button.
Click Edit public ssh keys... button.
From this screen you can manage the the public SSH keys that you have added to your account. You can have several keys (for example, one for the office PC, another, for your laptop, etc.). Click Browse to select the file of your public key and upload it to the server.
- Search the file containing your public key and upload it.
Click Upload and your public key will be added.
You're almost done, your key has been added. Click Save to accept the changes.
Click OK and now you will be able to login using your SSH key.
