| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| other:ssh [2023/03/15 11:47] – [Configuration files] Improved jypeter | other:ssh [2023/03/16 16:03] – [Generating ssh keys] jypeter |
|---|
| * [[https://documentations.ipsl.fr/MESO_User/Quick_start.html|More details]] | * [[https://documentations.ipsl.fr/MESO_User/Quick_start.html|More details]] |
| |
| === TGCC servers === | === TGCC (super)computers === |
| |
| If you want to connect to the the **TGCC servers**: | If you want to use the [[https://www-hpc.cea.fr/tgcc-public/en/html/tgcc-public.html|TGCC computers]] (e.g. ''irene''): |
| * Connecting to ''irene'': | |
| * Note: you have to go trough ''ssh1'', even if you are on the LSCE network! | |
| * ''ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X my_TGCC_login@irene-ccrt.ccc.cea.fr'' | |
| * The [[https://intranet.lsce.ipsl.fr/informatique/en/tgcc.php|TGCC connection details]] may vary, depending on your login type | |
| |
| === IDRIS servers === | * Note: you have to go //trough// the ''ssh1'' LSCE gateway to access the TGCC, even if you are on the LSCE wired network! |
| | * ''ssh -A -X my_LSCE_login@ssh1.lsce.ipsl.fr -t ssh -A -X my_TGCC_login@some_tgcc_login_node'' |
| | * Once you are on a TGCC login node (e.g. ''irene''), you can get lots of information by typing ''<node>.info'' (e.g. ''irene.info'') |
| | * [[https://intranet.lsce.ipsl.fr/informatique/en/tgcc.php|more TGCC connection details]] |
| | |
| | === IDRIS (super)computers === |
| |
| FIXME | FIXME |
| ''ssh'' will store all its **configuration files** in a ''.ssh'' sub-directory of your //home// directory. The configuration files are in a //text// format. | ''ssh'' will store all its **configuration files** in a ''.ssh'' sub-directory of your //home// directory. The configuration files are in a //text// format. |
| |
| * Linux: ''~/.ssh/'' directory | * **Linux**: ''~/.ssh/'' directory |
| * Windows: ''C:\Users\your_windows_login\.ssh'' directory | * **Windows**: ''C:\Users\your_windows_login\.ssh'' directory |
| * Mac: ''/Users/your_mac_login/.ssh'' directory (should be the same path as ''~/.ssh/'') | * **Mac**: ''/Users/your_mac_login/.ssh'' directory (should be the same path as ''~/.ssh/'') |
| |
| You will find (some of) the following text files: | You will find (some of) the following text files: |
| |
| === Some common sense advice === | === Some common sense advice === |
| |
| |
| * **Generate only one pair of private/public keys and use the same pair of keys everywhere!**\\ Put differently, do not generate a different pair of key on each computer/server you use (even if you always use the same passphrase)! | * **Generate only one pair of private/public keys and use the same pair of keys everywhere!**\\ Put differently, do not generate a different pair of key on each computer/server you use (even if you always use the same passphrase)! |
| * Easy to remember passphrase example: "//I love working at LSCE!//" | * Easy to remember passphrase example: "//I love working at LSCE!//" |
| |
| === Generating keys in a terminal === | === Generating keys in a terminal (Linux and Mac) === |
| |
| Remember that if you already have a pair of keys, you probably don't want to generate a new pair, unless you have been asked to (e.g. because an old encryption type like //DSA// has been deprecated), or have lost one of the keys, or forgotten your passphrase. If you generate a new pair of keys, you will have to replace the old keys that you were using on all your desktops/laptops, and all the remote servers | If you already have a pair of ssh keys, you probably don't want to generate a new pair, unless you have been asked to (e.g. because an old encryption type like //DSA// has been deprecated), or you have lost one of the keys, or forgotten your passphrase. If you generate a new pair of keys, you will have to replace the old keys that you were using on all your desktops/laptops, and all the remote servers |
| |
| There are several ways to generate pairs of ssh keys with ''ssh-keygen''. The following one is the one recommended for opening an account on [[https://mesocentre.ipsl.fr/account-opening/|IPSL Mésocentre ESPRI]]. If you open an account on ''spirit'', but already have a public key, just **send your existing public key**! | There are several ways to generate pairs of ssh keys with ''ssh-keygen''. The following one is the one recommended for opening an account on [[https://mesocentre.ipsl.fr/account-opening/|IPSL Mésocentre ESPRI]]. If you open an account on ''spirit'', but already have a public key, just **send your existing public key**! |
| * Accept the default path and key name | * Accept the default path and key name |
| * <wrap em>Do not specify an empty passphrase!</wrap> | * <wrap em>Do not specify an empty passphrase!</wrap> |
| * This will generate two text //key// files in a sub-directory of your account (''~/.ssh/'' on Linux, ''C:\Users\my_login\.ssh\'' on Windows 10): | * Note: ''ssh-keygen -t ed25519'' will also work on Windows! But then you will still have to [[other:putty_conf#converting_existing_ssh_keys_with_puttygen|convert the generated private key with PuTTYgen]] |
| | * This will generate two text //key// files in the [[other:ssh#configuration_files|ssh configuration directory]]: |
| * The **//private// key**: ''id_ed25519'' | * The **//private// key**: ''id_ed25519'' |
| * Note: on a Linux computer, the private key has to be readable only by you, otherwise ''ssh'' will not work | * Note: on a Linux computer, the private key has to be readable only by you, otherwise ''ssh'' will not work |
| -----END OPENSSH PRIVATE KEY-----</code> | -----END OPENSSH PRIVATE KEY-----</code> |
| * The **//public// key**: ''id_ed25519**.pub**'' | * The **//public// key**: ''id_ed25519**.pub**'' |
| * This is the information that you can share. Note that the ''my_login@my_machine'' at the end of the line is just some information about who generated the keys, and where, and can be removed or replaced by something more informative | * This is the //key// that **you can share**, or that you have to send when opening an account on [[https://mesocentre.ipsl.fr/account-opening/|IPSL Mésocentre ESPRI]]. |
| | * Note that the ''my_login@my_machine'' string at the end of the line is just some information about who generated the keys, and where, and can be removed or replaced by something more informative |
| * <code> > cat id_ed25519.pub | * <code> > cat id_ed25519.pub |
| ssh-ed25519 AAAAC3NzaC1lZDI1NT [ lots of cryptic characters ] Frx8rRFKthpmqRdkXl my_login@my_machine</code> | ssh-ed25519 AAAAC3NzaC1lZDI1NT [ lots of cryptic characters ] Frx8rRFKthpmqRdkXl my_login@my_machine</code> |
| |
| === Generating or importing keys with PuTTY on a Windows computer === | === Generating or importing keys with PuTTY (Windows) === |
| |
| Read the //Converting/Creating ssh keys with PuTTYgen// sub-sections of [[other:putty_conf#using_ssh_keys|Using ssh keys]], on the ''PuTTY'' page | Read [[other:putty_conf#converting_existing_ssh_keys_with_puttygen|Converting existing ssh keys with PuTTYgen]], or [[other:putty_conf#creating_ssh_keys_with_puttygen|Creating ssh keys with PuTTYgen]] |
| |
| ==== Installing ssh keys ==== | ==== Installing ssh keys ==== |
