| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| other:ssh [2023/04/14 14:35] – [Windows ssh agent] Cleaned the Win agent section jypeter | other:ssh [2024/11/29 13:58] (current) – [Installing ssh keys] Improved jypeter |
|---|
| |
| If you want to connect to the [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|IPSL servers]] (only possible with [[other:ssh#using_ssh_keys|ssh keys]]!): | If you want to connect to the [[https://documentations.ipsl.fr/spirit/spirit_clusters/head_nodes.html|IPSL servers]] (only possible with [[other:ssh#using_ssh_keys|ssh keys]]!): |
| | * [[https://mesocentre.ipsl.fr/account-opening/|Requesting an account at IPSL]] |
| * Connecting to ''spirit1'': | * Connecting to ''spirit1'': |
| * ''ssh -A -X my_meso_login@spirit1.ipsl.fr'' | * ''ssh -A -X my_meso_login@spirit1.ipsl.fr'' |
| ==== Installing ssh keys ==== | ==== Installing ssh keys ==== |
| |
| | <note tip>**Special case**: |
| |
| | * ''spirit[x]'' servers: if you need to use the [[other:ssh#ipsl_servers|IPSL spirit[x] servers]], you have to send your //public// key when you request your account, and the IT people will take care of putting your //public// key in the correct place when they create your account |
| | |
| | </note> |
| | |
| | The **required //ssh key// files have to be present in the ''.ssh'' [[other:ssh#configuration_files|directory where ssh stores its configuration files]]**, on the //source// **and** //target// computers. You do not need the same key files on the //source// **and** //target// computers, but it is easier to have all the key files in all the ''.ssh'' directories. This will also act as a backup of the key files in different locations. |
| | |
| | |
| | We assume below that you have copied the required key files in the ''.ssh'' directory of both //source// and //target// computers. We also assume that we are dealing with ''ed25519'' keys, so the //key// files will are named: ''id_ed25519'' (and ''id_ed25519**.ppk**'' on a Windows computer, if you use [[other:putty_conf#using_ssh_keys_with_putty_pageant|PuTTY/Pageant]]), and ''id_ed25519**.pub**''. |
| | |
| | |
| | * on the **//source// computer**\\ (your local desktop/laptop, or a remote Linux server if you will use ''ssh''/''scp'' from this remote server to another remote server)\\ \\ |
| | * you need **the //private// key**: e.g. ''id_ed25519'' |
| | * remember that **the private key has to be readable only by the file owner (you!)** on a linux (or Mac) computer\\ <code>$ chmod 600 ~/.ssh/id_ed25519 |
| | |
| | $ ls -l ~/.ssh/id_ed25519 |
| | -rw------- [...] /some_path/your_login/.ssh/id_ed25519</code> |
| | |
| | |
| | * and the **//target// computer**\\ (a remote Linux server)\\ \\ |
| | * you need **the //public// key**: e.g. ''id_ed25519.pub'' |
| | * you need a copy of the //public// key in the ''authorized_keys'' file |
| | * **if the ''authorized_keys'' file does not exist yet**, just copy the //public// key file\\ <code>$ cd ~/.ssh |
| | |
| | $ ls -l authorized_keys |
| | ls: cannot access authorized_keys: No such file or directory |
| | |
| | $ cp -p id_ed25519.pub authorized_keys</code> |
| | * **if there is already an ''authorized_keys'' file** (possibly with older public keys), just create a backup of the existing file, and **add the new public key at the end of the file**\\ <code>$ cd ~/.ssh |
| | |
| | $ cat authorized_keys |
| | ssh-dss AAAAB3NzaC1kc3MAAACBAM9w0bY604COfD5yLwlBLaSDSbi2eKfhPJBl/ |
| | [...] |
| | OUZ8jrQrhDbq2P7GNTTaEEdy+JvtDvZSZLG4+DwhWSkxqPZ35yD8wfOi5WInpG3Cms some_login |
| | |
| | $ mv authorized_keys authorized_keys.save |
| | |
| | $ cat authorized_keys.save id_ed25519.pub > authorized_keys |
| | |
| | $ cat authorized_keys |
| | ssh-dss AAAAB3NzaC1kc3MAAACBAM9w0bY604COfD5yLwlBLaSDSbi2eKfhPJBl/ |
| | [...] |
| | OUZ8jrQrhDbq2P7GNTTaEEdy+JvtDvZSZLG4+DwhWSkxqPZ35yD8wfOi5WInpG3Cms some_login |
| | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICD35IUxzgjlslHsrOZQ2ARZsXN1RuDcJ+ncyBKLwHr another_login |
| | </code> |
| ==== Using the keys ==== | ==== Using the keys ==== |
| |
| ==== Windows ssh agent ==== | ==== Windows ssh agent ==== |
| |
| * On Windows, you should use [[other:putty_conf#using_the_private_key_in_pageant|Pageant/PuTTY]] as an //ssh agent//, because [[other:putty_conf#launching_putty_pageant|Pageant/PuTTY]] also offers a very easy and convenient way to define profiles to connect to your favorite servers | * On Windows, we recommend using [[other:putty_conf#using_the_private_key_in_pageant|Pageant/PuTTY]] as an //ssh agent//, because: |
| | * [[other:putty_conf#launching_putty_pageant|Pageant/PuTTY]] also offers a very easy and convenient way to define profiles to connect to your favorite servers |
| | * Some programs that use ''ssh'' to transfer files will automatically use the keys stored in ''Pageant'': [[other:win10apps#winscp|WinSCP]], [[other:emacs_doc|emacs]], ... |
| |
| * It is also possible (but less convenient) to use the Windows built-in ''ssh-agent'' and ''ssh'' commands! | * It is also possible (but less convenient) to use the Windows built-in ''ssh-agent'' and ''ssh'' commands! |
| |
| C: > ssh-add | C: > ssh-add |
| Enter passphrase for C:\Users\your_login/.ssh/id_dsa: | Enter passphrase for C:\Users\your_login/.ssh/id_dsa: XXXX_Type_Your_Passphrase_Here_XXXX |
| Identity added: C:\Users\your_login/.ssh/id_dsa | Identity added: C:\Users\your_login/.ssh/id_dsa |
| Identity added: C:\Users\your_login/.ssh/id_ed25519</code> | Identity added: C:\Users\your_login/.ssh/id_ed25519 |
| | |
| | C: > ssh-add -l |
| | 1024 SHA256:/vC3Ma6s9Wj[Some_Summary_Info_About_The_Key]c1Q4 (DSA) |
| | 256 SHA256:8BGKU+zBnJXH[Some_Summary_Info_About_The_Key]2Al8 jypeter@obelix5 (ED25519)</code> |
| |
| ==== Mac ssh agent ==== | ==== Mac ssh agent ==== |
