SSH Keys
Link to section 'General overview' of 'SSH Keys' General overview
To connect to Gilbreth using SSH keys, you must follow three high-level steps:
- Generate a key pair consisting of a private and a public key on your local machine.
- Copy the public key to the cluster and append it to
$HOME/.ssh/authorized_keys
file in your account. - Test if you can ssh from your local computer to the cluster without using your Purdue password.
Detailed steps for different operating systems and specific SSH client softwares are give below.
Link to section 'Mac and Linux:' of 'SSH Keys' Mac and Linux:
-
Run
ssh-keygen
in a terminal on your local machine. You may supply a filename and a passphrase for protecting your private key, but it is not mandatory. To accept the default settings, press Enter without specifying a filename.
Note: If you do not protect your private key with a passphrase, anyone with access to your computer could SSH to your account on Gilbreth. -
By default, the key files will be stored in
~/.ssh/id_rsa
and~/.ssh/id_rsa.pub
on your local machine. -
Copy the contents of the public key into
$HOME/.ssh/authorized_keys
on the cluster with the following command. When asked for a password, type your password followed by ",push
". Your Purdue Duo client will receive a notification to approve the login.ssh-copy-id -i ~/.ssh/id_rsa.pub myusername@gilbreth.rcac.purdue.edu
Note: use your actual Purdue account user name.
If your system does not have the
ssh-copy-id
command, use this instead:cat ~/.ssh/id_rsa.pub | ssh myusername@gilbreth.rcac.purdue.edu "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
-
Test the new key by SSH-ing to the server. The login should now complete without asking for a password.
-
If the private key has a non-default name or location, you need to specify the key by
ssh -i my_private_key_name myusername@gilbreth.rcac.purdue.edu
Link to section 'Windows:' of 'SSH Keys' Windows:
Programs | Instructions |
---|---|
MobaXterm | Open a local terminal and follow Linux steps |
Git Bash | Follow Linux steps |
Windows 10 PowerShell | Follow Linux steps |
Windows 10 Subsystem for Linux | Follow Linux steps |
PuTTY | Follow steps below |
PuTTY:
-
Launch PuTTYgen, keep the default key type (RSA) and length (2048-bits) and click Generate button.
-
Once the key pair is generated:
Use the Save public key button to save the public key, e.g.
Documents\SSH_Keys\mylaptop_public_key.pub
Use the Save private key button to save the private key, e.g.
Documents\SSH_Keys\mylaptop_private_key.ppk
. When saving the private key, you can also choose a reminder comment, as well as an optional passphrase to protect your key, as shown in the image below. Note: If you do not protect your private key with a passphrase, anyone with access to your computer could SSH to your account on Gilbreth.From the menu of PuTTYgen, use the "Conversion -> Export OpenSSH key" tool to convert the private key into openssh format, e.g.
Documents\SSH_Keys\mylaptop_private_key.openssh
to be used later for Thinlinc. -
Configure PuTTY to use key-based authentication:
Launch PuTTY and navigate to "Connection -> SSH ->Auth" on the left panel, click Browse button under the "Authentication parameters" section and choose your private key, e.g. mylaptop_private_key.ppk
Navigate back to "Session" on the left panel. Highlight "Default Settings" and click the "Save" button to ensure the change in place.
-
Connect to the cluster. When asked for a password, type your password followed by "
,push
". Your Purdue Duo client will receive a notification to approve the login. Copy the contents of public key from PuTTYgen as shown below and paste it into$HOME/.ssh/authorized_keys
. Please double-check that your text editor did not wrap or fold the pasted value (it should be one very long line). - Test by connecting to the cluster. If successful, you will not be prompted for a password or receive a Duo notification. If you protected your private key with a passphrase in step 2, you will instead be prompted to enter your chosen passphrase when connecting.