other:ssh
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
other:ssh [2022/11/18 17:15] jypeter [More...] emacs info moved to the instructions for new people |
other:ssh [2023/03/16 15:03] jypeter [Generating ssh keys] |
||
|---|---|---|---|
| Line 75: | Line 75: | ||
| * [[https://documentations.ipsl.fr/MESO_User/Quick_start.html|More details]] | * [[https://documentations.ipsl.fr/MESO_User/Quick_start.html|More details]] | ||
| - | === TGCC servers === | + | === TGCC (super)computers === |
| - | If you want to connect to the the **TGCC servers**: | + | If you want to use the [[https://www-hpc.cea.fr/tgcc-public/en/html/tgcc-public.html|TGCC computers]] (e.g. ''irene''): |
| - | * Connecting to ''irene'': | + | |
| - | * Note: you have to go trough ''ssh1'', even if you are on the LSCE network! | + | |
| - | * ''ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X my_TGCC_login@irene-ccrt.ccc.cea.fr'' | + | |
| - | * The [[https://intranet.lsce.ipsl.fr/informatique/en/tgcc.php|TGCC connection details]] may vary, depending on your login type | + | |
| - | === IDRIS servers === | + | * Note: you have to go //trough// the ''ssh1'' LSCE gateway to access the TGCC, even if you are on the LSCE wired network! |
| + | * ''ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X my_TGCC_login@some_tgcc_login_node'' | ||
| + | * Once you are on a TGCC login node (e.g. ''irene''), you can get lots of information by typing ''<node>.info'' (e.g. ''irene.info'') | ||
| + | * [[https://intranet.lsce.ipsl.fr/informatique/en/tgcc.php|more TGCC connection details]] | ||
| + | |||
| + | === IDRIS (super)computers === | ||
| FIXME | FIXME | ||
| Line 141: | Line 142: | ||
| ==== Configuration files ==== | ==== Configuration files ==== | ||
| - | ''ssh'' will store all its **configuration text files** in a ''.ssh'' sub-directory of your //home// directory | + | ''ssh'' will store all its **configuration files** in a ''.ssh'' sub-directory of your //home// directory. The configuration files are in a //text// format. |
| - | * Linux: ''~/.ssh/'' directory | + | * **Linux**: ''~/.ssh/'' directory |
| - | * Windows: ''C:\Users\your_windows_login\.ssh'' directory | + | * **Windows**: ''C:\Users\your_windows_login\.ssh'' directory |
| - | * Mac: ''/Users/your_mac_login/.ssh'' directory (should be the same path as ''~/.ssh/'') | + | * **Mac**: ''/Users/your_mac_login/.ssh'' directory (should be the same path as ''~/.ssh/'') |
| You will find (some of) the following text files: | You will find (some of) the following text files: | ||
| Line 156: | Line 157: | ||
| ServerAliveCountMax=90</code> | ServerAliveCountMax=90</code> | ||
| - | * [[#using_ssh_keys|ssh keys]] related information | + | * [[#using_ssh_keys|ssh keys]] related information: |
| * ''authorized_keys'': the //public key(s)// of the account(s) authorized to connect to //this// account. | * ''authorized_keys'': the //public key(s)// of the account(s) authorized to connect to //this// account. | ||
| - | * the private (and possibly the public) //ssh key(s)// used on this account | + | * the **//private// (and probably the //public//) //ssh key(s)//** used on this account |
| + | * e.g. ''id_ed25519'' and ''id_ed25519.pub'' files | ||
| ==== A recommended ssh client for Windows ==== | ==== A recommended ssh client for Windows ==== | ||
| Line 302: | Line 304: | ||
| === Some common sense advice === | === Some common sense advice === | ||
| - | |||
| * **Generate only one pair of private/public keys and use the same pair of keys everywhere!**\\ Put differently, do not generate a different pair of key on each computer/server you use (even if you always use the same passphrase)! | * **Generate only one pair of private/public keys and use the same pair of keys everywhere!**\\ Put differently, do not generate a different pair of key on each computer/server you use (even if you always use the same passphrase)! | ||
| - | * <wrap em>Do not use an empty passphrase!</wrap>\\ If you do that, somebody gaining access to your private key will be able to access all the accounts where you have installed your public key | + | * <wrap em>Do not use an empty passphrase!</wrap>\\ If you do that, somebody gaining access to your private key will be able to access all the accounts where you have installed your public key... You obviously do not want that, right? |
| * **Keep a backup of your your keys outside of the computer where they were generated** | * **Keep a backup of your your keys outside of the computer where they were generated** | ||
| * Useful if you erase or overwrite the keys by mistake, or if you move to another lab and use a new computer/account, but still need to access the accounts where you have installed your public key... | * Useful if you erase or overwrite the keys by mistake, or if you move to another lab and use a new computer/account, but still need to access the accounts where you have installed your public key... | ||
| - | * If you have not used an empty passphrase, and have not saved the passphrase in a file with the keys, the keys can't be used easily by somebody else to gain access to your accounts | + | * If you have not used an empty passphrase, and have not saved the passphrase in the same directory as the keys, the keys can't be used (easily) by somebody else to gain access to your accounts |
| - | * **Do not forget your passphrase!**\\ Do not write your passphrase on a postit taped to your computer. When you create your keys and type your passphrase, choose something that you will be able to remember during several years | + | * **Do not forget your passphrase!** |
| + | * Do not write your passphrase on a post-it taped to your computer | ||
| + | * When you create your keys and type your passphrase, choose something that you will be able to easily remember during several years. It can even be a long (but easy to remember!) sentence! | ||
| + | * Easy to remember passphrase example: "//I love working at LSCE!//" | ||
| - | === Generating keys in a terminal === | + | === Generating keys in a terminal (Linux and Mac) === |
| - | Remember that if you already have a pair of keys, you probably don't want to generate a new pair, unless you have been asked to, or have lost one of the keys, or forgotten your passphrase. If you generate a new pair of keys, you will probably have to replace the old keys that you were using on all the remote servers | + | If you already have a pair of ssh keys, you probably don't want to generate a new pair, unless you have been asked to (e.g. because an old encryption type like //DSA// has been deprecated), or you have lost one of the keys, or forgotten your passphrase. If you generate a new pair of keys, you will have to replace the old keys that you were using on all your desktops/laptops, and all the remote servers |
| - | There are several ways to generate pairs of ssh keys with ''ssh-keygen''. The following one is the one recommended for opening an account on [[https://mesocentre.ipsl.fr/account-opening/|IPSL Mésocentre ESPRI]]. If you open an account on ''ciclad'', but already have a public key, just send your existing public key! | + | There are several ways to generate pairs of ssh keys with ''ssh-keygen''. The following one is the one recommended for opening an account on [[https://mesocentre.ipsl.fr/account-opening/|IPSL Mésocentre ESPRI]]. If you open an account on ''spirit'', but already have a public key, just **send your existing public key**! |
| - | * Type ''ssh-keygen -t rsa -b 4096'' | + | * Type ''ssh-keygen -t ed25519'' |
| * Accept the default path and key name | * Accept the default path and key name | ||
| * <wrap em>Do not specify an empty passphrase!</wrap> | * <wrap em>Do not specify an empty passphrase!</wrap> | ||
| - | * This will generate two text //key// files in a sub-directory of your account (''~/.ssh/'' on Linux, ''C:\Users\my_login\.ssh\'' on Windows 10): | + | * Note: ''ssh-keygen -t ed25519'' will also work on Windows! But then you will still have to [[other:putty_conf#converting_existing_ssh_keys_with_puttygen|convert the generated private key with PuTTYgen]] |
| - | * The private key, that has to be readable only by you: ''id_rsa''\\ <code> > cd ~/.ssh | + | * This will generate two text //key// files in the [[other:ssh#configuration_files|ssh configuration directory]]: |
| - | > ls -l id_dsa | + | * The **//private// key**: ''id_ed25519'' |
| - | -rw------- 1 my_login my_group some_date id_rsa | + | * Note: on a Linux computer, the private key has to be readable only by you, otherwise ''ssh'' will not work |
| - | > cat id_rsa | + | * <code> > cd ~/.ssh |
| - | -----BEGIN RSA PRIVATE KEY----- | + | > ls -l id_ed25519 |
| - | Proc-Type: 4,ENCRYPTED | + | -rw------- 1 my_login my_group some_date id_ed25519 |
| - | DEK-Info: AES-128-CBC,906569054A4C58A28AD23CBA28771EDE | + | > cat id_ed25519 |
| - | + | -----BEGIN OPENSSH PRIVATE KEY----- | |
| - | C/Aacy+qcSWIG56eWc3XQhm2oyfAVKFKVm54pwoCmIZ5nmLx/8kV8XcDcMHxoWIz | + | b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC7W9+Eu7 |
| - | xgc3cPwxNczIS/i4A0AOk3uI8JiT8RVLELVbn+B5T0ewbvMjln4Ec/7W9+aNe/NF | + | |
| [ lots of literally cryptic lines ] | [ lots of literally cryptic lines ] | ||
| - | v/rj1Ze/PEQ+nVX3dh3FB1TaL/aNm48PBP9WQQXm011PY6isZJklyWANGJ6jtOf9 | + | cG7sHta/m1cOGM8ej7yD8ejCRMKGX1pEqGx/8= |
| - | -----END RSA PRIVATE KEY-----</code> | + | -----END OPENSSH PRIVATE KEY-----</code> |
| - | * The public key: ''id_rsa**.pub**''\\ This is the information that you can share. Note that the ''my_login@my_machine'' at the end of the line is just some information about who generated the keys, and where, and can be removed or replaced by something more informative\\ <code> > cat id_rsa.pub | + | * The **//public// key**: ''id_ed25519**.pub**'' |
| - | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ [ lots of cryptic characters ] 8WPbpreOOrIbNw== my_login@my_machine</code> | + | * This is the //key// that **you can share**, or that you have to send when opening an account on [[https://mesocentre.ipsl.fr/account-opening/|IPSL Mésocentre ESPRI]]. |
| + | * Note that the ''my_login@my_machine'' string at the end of the line is just some information about who generated the keys, and where, and can be removed or replaced by something more informative | ||
| + | * <code> > cat id_ed25519.pub | ||
| + | ssh-ed25519 AAAAC3NzaC1lZDI1NT [ lots of cryptic characters ] Frx8rRFKthpmqRdkXl my_login@my_machine</code> | ||
| - | === Generating or importing keys with PuTTY on a Windows computer === | + | === Generating or importing keys with PuTTY (Windows) === |
| - | Read the //Converting/Creating ssh keys with PuTTYgen// sub-sections of [[other:putty_conf#using_ssh_keys|Using ssh keys]], on the ''PuTTY'' page | + | Read [[other:putty_conf#converting_existing_ssh_keys_with_puttygen|Converting existing ssh keys with PuTTYgen]], or [[other:putty_conf#creating_ssh_keys_with_puttygen|Creating ssh keys with PuTTYgen]] |
| ==== Installing ssh keys ==== | ==== Installing ssh keys ==== | ||
other/ssh.txt · Last modified: 2023/05/03 08:32 by jypeter
