Link to section 'General overview' of 'SSH Keys' General overview
To connect to Hammer using SSH keys, you must follow three high-level steps:
- Generate a key pair consisting of a private and a public key on your local machine.
- Copy the public key to the cluster and append it to
$HOME/.ssh/authorized_keysfile in your account.
- Test if you can ssh from your local computer to the cluster without using your Purdue password.
Detailed steps for different operating systems and specific SSH client softwares are give below.
Link to section 'Mac and Linux:' of 'SSH Keys' Mac and Linux:
ssh-keygenin a terminal on your local machine. You may supply a filename and a passphrase for protecting your private key, but it is not mandatory. To accept the default settings, press Enter without specifying a filename.
Note: If you do not protect your private key with a passphrase, anyone with access to your computer could SSH to your account on Hammer.
By default, the key files will be stored in
~/.ssh/id_rsa.pubon your local machine.
Copy the contents of the public key into
$HOME/.ssh/authorized_keyson the cluster with the following command. Note: use Boilerkey 2FA when asked for a password after 2FA deployment. Please see 2FA deployment schedule for each cluster!
ssh-copy-id -i ~/.ssh/id_rsa.pub email@example.com
If your system does not have the
ssh-copy-idcommand, use this instead:
cat ~/.ssh/id_rsa.pub | ssh firstname.lastname@example.org "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
Test the new key by SSH-ing to the server. The login should now complete without asking for a password.
If the private key has a non-default name or location, you need to specify the key by
ssh -i my_private_key_name email@example.com
|MobaXterm||Open a local terminal and follow Linux steps|
|Git Bash||Follow Linux steps|
|Windows 10 PowerShell||Follow Linux steps|
|Windows 10 Subsystem for Linux||Follow Linux steps|
|PuTTY||Follow steps below|
Launch PuTTYgen, keep the default key type (RSA) and length (2048-bits) and click Generate button.
Once the key pair is generated:
Use the Save public key button to save the public key, e.g.
Use the Save private key button to save the private key, e.g.
Documents\SSH_Keys\mylaptop_private_key.ppk. When saving the private key, you can also choose a reminder comment, as well as an optional passphrase to protect your key, as shown in the image below. Note: If you do not protect your private key with a passphrase, anyone with access to your computer could SSH to your account on Hammer.
From the menu of PuTTYgen, use the "Conversion -> Export OpenSSH key" tool to convert the private key into openssh format, e.g.
Documents\SSH_Keys\mylaptop_private_key.opensshto be used later for Thinlinc.
Configure PuTTY to use key-based authentication:
Launch PuTTY and navigate to "Connection -> SSH ->Auth" on the left panel, click Browse button under the "Authentication parameters" section and choose your privite key, e.g. mylaptop_private_key.ppk
Navigate back to "Session" on the left panel. Highlight "Default Settings" and click the "Save" button to ensure the change in place.
Connect to the cluster (note: if after the 2FA deployment date, make sure to use Boilerkey 2FA when asked for a password). Copy the contents of public key from PuTTYgen as shown below and paste it into
$HOME/.ssh/authorized_keys. Please double-check that your text editor did not wrap or fold the pasted value (it should be one very long line).
- Test by connecting to the cluster and no BoilerKey 2FA should be needed. If you chose to protect your private key with a passphrase in step 2, you will be prompted to enter the passphrase when connecting.