Differences

This shows you the differences between two versions of the page.

--- other:ssh [2023/03/16 15:03]
jypeter [Generating ssh keys]
+++ other:ssh [2023/04/14 12:35]
jypeter [Windows ssh agent] Cleaned the Win agent section
@@ Line 71: / Line 71: @@
 === IPSL servers ===
-If you want to connect to the **IPSL servers** (only possible with [[other:ssh#using_ssh_keys|ssh keys]]!):
+If you want to connect to the [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|IPSL servers]] (only possible with [[other:ssh#using_ssh_keys|ssh keys]]!):
-  * Connecting to ''ciclad'':\\ ''ssh -A -X my_ciclad_login@ciclad.ipsl.jussieu.fr''
+  * Connecting to ''spirit1'':
-  * [[https://documentations.ipsl.fr/MESO_User/Quick_start.html|More details]]
+    * ''ssh -A -X my_meso_login@spirit1.ipsl.fr''
+    * Depending on what you need to do, you can also use ''spirit2'', ''spiritx1'' or ''spiritx2''
+  * [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|More details]]
+  * Note: the ''ciclad'' server may still be accessible when you read this page, but its usage has been deprecated in favor of the ''spirit'' servers
 === TGCC (super)computers ===
@@ Line 288: / Line 291: @@
 ==== What are ssh keys and why use them? ====
-//ssh keys// are a combination of two specific (and unique) **text files**, **the private key** file and **the public key** file, linked by a special kind of password called **the passphrase**, that can be used instead of a standard password to connect securely from one server to another server
+//ssh keys// are a combination of two specific (and unique) **text files**, **the //private// key** file and **the //public// key** file, linked by a special kind of password called **the passphrase**, that can be used instead of a standard password to connect securely from one server to another server
 ssh keys have to be configured properly (a few easy steps), and are **very convenient** because:
-  * **They** usually **don't expire!**\\ You don't have to change them (except in some extra secure computing centers like TGCC) and you can keep them for years
+  * Contrary to passwords, **they usually don't expire!**\\ You don't have to change ssh keys (except in some extra secure computing centers like TGCC) and you can keep them for years
   * **They don't depend on the accounts and the passwords of the servers where you use them**
-    * You can (and should!) use the same set of ssh keys on several servers: you can then use the same passphrase to access these servers, rather than having to memorize different passwords\\ e.g. if you have your private key on ''account_A'' of ''server_A'' and install the matching public key on ''account_B'' of ''server_B'', etc... you can then use ''ssh'' on ''account_A@server_A'' to access ''account_B@server_B'', ''account_C@server_C'', ... with the same passphrase !
+    * You can (and should!) use the same set of ssh keys on several servers: you can then use the **same** passphrase to access all these servers, rather than having to memorize different passwords\\ e.g. if you have your //private// key on ''account_A'' of ''server_A'' and install the matching //public// key on ''account_B'' of ''server_B'', etc... you can then use ''ssh'' on ''account_A@server_A'' to access ''account_B@server_B'', ''account_C@server_C'', ... with the **same** passphrase !
-    * You can give your public key to somebody and then access their account using your own passphrase (no need to know the password of the other person)
+    * **You can give your public key** to somebody and then access their account using your own passphrase (no need to know the password of the other person)
   * The [[https://mesocentre.ipsl.fr/|IPSL Mésocentre ESPRI]] servers can **only** be accessed with a public key and passphrase (the password is not used)
-  * By default, ''ssh'' will ask you to type your passphrase each time you connect to a server, but **you can use an //ssh agent// to securely store your passphrase for you**\\ Once you have typed your passphrase in the //ssh agent//, you can connect to all the servers that have your public key without having to type your passphrase!
-    * ''scp'' (and [[other:win10apps#winscp|WinSCP]]) and the tools using ''ssh'' on your local computer will not ask your passphrase, if they find the passphrase in a running //ssh agent// on the local computer
+  * By default, ''ssh'' will ask you to type your passphrase each time you connect to a server, but **you can [[other:ssh#using_an_ssh_agent|use an ssh agent]] to securely store your passphrase for you**\\ Once you have typed your passphrase in the //ssh agent//, you can connect to all the servers that have your public key without having to type your passphrase!
+    * ''scp'' (and [[other:win10apps#winscp|WinSCP]] on Windows) and the tools using ''ssh'' on your local computer will not ask your passphrase, if they find the passphrase in a running //ssh agent// on the local computer
       * if you use the ''-A'' option ([[other:ssh#most_common_options|agent forwarding]]), the remote server will also //know// (securely) your passphrase, and you will not have to type the passphrase when using ''ssh'', ''scp'' and tools running //over ssh// on the remote server(s)
-    * the local //ssh agent// is terminated when you log out of your local computer (or reboot it)
+    * the local //ssh agent// is terminated when you log out of your local computer (or reboot the computer)
 ==== Generating ssh keys ====
@@ Line 370: / Line 376: @@
 ==== Windows ssh agent ====
-On Windows, you should use [[other:putty_conf|Pageant]] as an ssh agent
+  * On Windows, you should use [[other:putty_conf#using_the_private_key_in_pageant|Pageant/PuTTY]] as an //ssh agent//, because [[other:putty_conf#launching_putty_pageant|Pageant/PuTTY]] also offers a very easy and convenient way to define profiles to connect to your favorite servers
+  * It is also possible (but less convenient) to use the Windows built-in ''ssh-agent'' and ''ssh'' commands!
+    * Note that the //agent service// is not activated by default and you will get the following error when you try to use ''ssh-add''
+      * <code>C: > ssh-add
+Error connecting to agent: No such file or directory</code>
+    * It is necessary to first **activate the agent Windows //service//** (in an **//elevated// PowerShell**, i.e with //Administrator// privileges) as explained in the [[https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#user-key-generation|User key generation]] section
+      * <code>C: > Get-Service ssh-agent
+Status   Name               DisplayName
+------   ----               -----------
+Stopped  ssh-agent          OpenSSH Authentication Agent
+C: > Get-Service ssh-agent | Set-Service -StartupType Automatic
+C: > Start-Service ssh-agent
+C: > Get-Service ssh-agent
+Status   Name               DisplayName
+------   ----               -----------
+Running  ssh-agent          OpenSSH Authentication Agent
+C: > ssh-add
+Enter passphrase for C:\Users\your_login/.ssh/id_dsa:
+Identity added: C:\Users\your_login/.ssh/id_dsa
+Identity added: C:\Users\your_login/.ssh/id_ed25519</code>
 ==== Mac ssh agent ====

PMIP3 wiki

User Tools

Site Tools

Differences

Page Tools