Generate SSH keysο
We provide info here how to generate SSH keys on different laptops and to copy a public key to your account on the HPC3 cluster.
Generate SSH keys on macOSο
We assume your ssh
is from OpenSSH, for other ssh distributions please
use your specific software instructions.
Open your Terminal application
In the Terminal window check your ssh software is OpenSSH
ssh -V OpenSSH_8.6p1, LibreSSL 3.3.6
The output shows OpenSSH, your version may differ depending on your installed ssh.
Create ssh keys
To create the keys, one needs to choose:
name for ssh keys files; this needs to be a single word with no spaces
comment to add to the key; use your UCINetID
very strong passphrase must be used for protecting your SSH key; it can contain spaces, numbers and special characters and must be at least 10 characters long. WARNING: Do not use empty passphrase!
In the following example we use the following choices:
- name:
key-to-hpc3
- comment:
βpanteater@uci.edu (MacBook Air)β
- passphrase:
you need to type it twice when prompted
Execute the
ssh-keygen
command to create ssh keys:ssh-keygen -t rsa -f ~/.ssh/key-to-hpc3 -C "panteater@uci.edu (MacBook Air)" Generating public/private rsa key pair. Created directory '/Users/panteater/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/panteater/.ssh/key-to-hpc3 Your public key has been saved in /Users/panteater/.ssh/key-to-hpc3.pub The key fingerprint is: SHA256:KLY8s4Aq1JBrD8pCitYkn7MbZjUu6FOyUzgyuOevSuk panteater@uci.edu (MacBook Air) The key's randomart image is: +---[RSA 3072]----+ |*=T=. | |*.o*. | |=.1. o | |== o + . | |B.X * o S | |=E B o o o | |=. o . . | |.+oo | |==. . | +----[SHA256]-----+
The above command will add a .ssh directory (directory is another name for folder) in your $HOME directory and generate two files there: a private key key-to-hpc3 and a public key key-to-hpc3.pub. They are always generated and work as a pair.
Attention
Private key should NEVER be shared. It remains on your laptop.Alwyas use a non-empty passphrase for your key and remember it!Check your ssh keys. The first command simply lists the contents of your .ssh/ directory, and the second prints the contents of your public ssh key:
ls ~/.ssh key-to-hpc3 key-to-hpc3.pub cat ~/.ssh/key-to-hpc3.pub ssh-rsa AAAA1yc2Ew...characters deleted...97VU0yRlaTxEX= panteater@uci.edu (MacBook Air)
Transfer your public ssh key to HPC3
Attention
For windows,
ssh-copy-id
does not exist, utilize the method Copy ssh keys on WindowsUse
ssh-copy-id
command to copy your public key from your laptop to your account on HPC3.You will be prompted for the standard password and DUO authentication by this command. Use your UCINetID, here is an example session for user panteater:
ssh-copy-id -i ~/.ssh/key-to-hpc3 panteater@hpc3.rcic.uci.edu The authenticity of host 'hpc3.rcic.uci.edu (128.200.221.16)' can't be established. ED25519 key fingerprint is SHA256:KLY8s4Aq1JBrD8pCitYkn7MbZjUu6FOyUzgyuOevSuk. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys (panteater@hpc3.rcic.uci.edu) Password: type your UCInetID password (panteater@hpc3.rcic.uci.edu) Duo two-factor login for panteater Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-1234 Passcode or option (1-1): type 1 Number of key(s) added: 1 Now try logging into the machine, with: "ssh panteater@hpc3.rcic.uci.edu" and check to make sure that only the key(s) you wanted were added.
The content of your public key will be added to $HOME/.ssh/authorized_keys file in your HPC3 account.
Create key mapping
This task is done once for generated ssh keys pair.
Your ssh keys are stored in the default directory but they have non-default names. We need to add newly generated keyβs name to the ssh configuration file to let the ssh commands know what keys to use when connecting to HPC3 cluster.
Create ~/.ssh/config file with your choice of editor and add the following:
Host hpc3.rcic.uci.edu IdentityFile ~/.ssh/key-to-hpc3
The ~/ssh/config is a userβs ssh configuiration file that is used by ssh commands. The added content tells ssh to use this specific ssh key when connecting to HPC3.
Generate SSH keys on Linuxο
Follow the of the steps for generating ssh keys on macOS except in the first step use any terminal application that is available on your laptop.
Generate SSH keys on Windows in Powershellο
Follow the of the steps for generating ssh keys on macOS except in the first step use Powershell that is available on your laptop. Once the keys are generated you will need to copy to the contents of your public key to HPC3. See Copy SSH Public Key From Windows to HPC3 below.
Generate SSH keys on Windows with PuttyGenο
PuTTY is a very common terminal program used on Windows laptops and desktops. Other software that can use key-based authentication can also use keys generated by PuTTYgen. This tutorial assumes that you have downloaded and installed PuTTY, Pageant, PuTTYgen (using their MSI-based installer is the simplest method)
Open PuTTYgen from the Windows Start Button to see the following screen and press the Generate button
Assign a passphrase and save both the public and private key.
Note
A reasonable pattern for your private key name ucinetid-to-hpc3 and ucinetid-to-hpc3.pub for the public key. replace ucinetid with your specific id, e.g., panteater.
The private key file is of type ppk for PuTTY Private Key. The private key should remain on your laptop. You will need to copy to the contents of your public key to HPC3. See section Copy SSH Public Key From Windows to HPC3 below.
Copy SSH Public Key From Windows to HPC3ο
Since Windows does not have the convenience of
ssh-copy-id
, one has to type a bit more. The following can be run from either a Command window or a Powershell window to place the key panteater-to-hpc3.pub in the appropriate place.C:> type .\panteater-to-hpc.pub | ssh panteater@hpc3.rcic.uci.edu "cat >> .ssh/authorized_keys" (panteater@hpc3.rcic.uci.edu) Password: type your UCInetID password (panteater@hpc3.rcic.uci.edu) Duo two-factor login for panteater Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-1234 Passcode or option (1-1): type 1 C:> The content of your public key will be added to $HOME/.ssh/authorized_keys file in your HPC3 account.
Additional tutorialsο
See Tutorials for additional SSH-related reading.