services:2fa:sshkeys

Differences

This shows you the differences between two versions of the page.

services:2fa:sshkeys [2021/03/22 11:16] deulservices:2fa:sshkeys [2021/03/22 14:37] (current) – [From Windows] deul
Line 4: Line 4:
   - To login between computers at the Observatory   - To login between computers at the Observatory
  
-Below we deal with these two cases.+Below we deal with these two cases. Please note that when you setup a private/public key pair, you need to be extremely carefull with the private key. It's name already indicates it is a **private** key. It is like a password, extremely important and you shield this file with your life! It is best if you add, during the creation of the key pair, a complex passphrase.
  
 =====Login from outside the Observatory===== =====Login from outside the Observatory=====
-Login from the internet is usually done from your own personal computer. Of course that is a MacBook, but for all those 'other system' users we describe belog how to setup a private/public key pair to allow seemless lgon to the Observatory computers.+Login from the internet is usually done from your own personal computer. Of course that is a MacBook, but for all those 'other system' users we describe belog how to setup a private/public key pair to allow seemless logon to the Observatory computers.
 ====From Windows==== ====From Windows====
-For Windows, you can use ''%%putty%%'', ''%%MobaXterm%%'' or ''%%Bitvise Tunnelier%%'' to open a terminal session to a Linux desktop or server computer. Below we describe the seutp for each program separately: +For Windows, you can use ''%%putty%%'', ''%%MobaXterm%%'' or ''%%Bitvise Tunnelier%%'' to open a terminal session to a Linux desktop or server computer. Below we describe the setup for each program separately: 
-  * [[:services:2fa:ssh:putty|Setup putty]] +  * [[:services:2fa:ssh:putty|Setup Putty]] 
-  * [[:services:2fa:ssh:mobaxterm|Setup MobaXterm]]+  * [[:services:2fa:ssh:winscp|Setup WinSCP]]
   * [[:services:2fa:ssh:tunnelier|Setup Bitvise Tunnelier]]   * [[:services:2fa:ssh:tunnelier|Setup Bitvise Tunnelier]]
  
 ====From MacOS==== ====From MacOS====
 +  * [[:services:2fa:ssh:macos|Setup key based login from MacOS]]
 ====From Linux==== ====From Linux====
-setup ssh for key based login+  * [[:services:2fa:ssh:linux|Setup Linux]]
  
-We need to create a private/public key set to allow passwordless login via ssh. To do this run the sshkey-ge command: 
  
 +=====Ssh key based login between computers at the Observatory=====
 +To setup an ssh key pair to allow you to login password/2fa less between Observatory computers tthat all share the ''%%/home%%'' directory structure, you can simply create a keypair in your ''%%.ssh%%'' directory:
   $ ssh-keygen -t ecdsa   $ ssh-keygen -t ecdsa
   Generating public/private ecdsa key pair.   Generating public/private ecdsa key pair.
Line 28: Line 30:
   Your public key has been saved in /home/testuser1/.ssh/id_ecdsa.pub   Your public key has been saved in /home/testuser1/.ssh/id_ecdsa.pub
   The key fingerprint is:   The key fingerprint is:
-  SHA256:xb4Rs37UbXt3Wn5cHkdKWy2ZDBbor9F83IYNLhjsfIU testuser1@bree.strw.leidenuniv.nl+  SHA256:xb4Rs37UbXt3Wn5cHkdKWy2ZDBbor9F83IYNLhjsfIU testuser1@<machine>.strw.leidenuniv.nl
   The key's randomart image is:   The key's randomart image is:
   +---[ECDSA 256]---+   +---[ECDSA 256]---+
Line 42: Line 44:
   +----[SHA256]-----+   +----[SHA256]-----+
  
-For both question about passphrase, just hit enter (we will not be using passphrases). This will also have generated two files in your personal .ssh directory:+and then add the public key to your ''%%authorized_keys%%'' file: 
 +   cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys
  
-  $ ls -ltr id_ecdsa* +From this point on login into Observatory Lunix computers from Observatory Linux computers is easy.
-  -rw------- 1 testuser1 users 537 Mar 22 12:13 id_ecdsa +
-  -rw-r--r-- 1 testuser1 users 195 Mar 22 12:13 id_ecdsa.pub +
- +
-The file id_rsa.pub must be transferred to the remote host. For this we can use ssh-copy-id: +
- +
-  $ ssh-copy-id -i ~/.ssh/id_edcsa.pub username@remote-host +
- +
-This may produce the following message: +
- +
-  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_edcsa.pub" +
-  The authenticity of host 'remote-host (123.123.123.123)' can't be established. +
-  ECDSA key fingerprint is SHA256:tygMarTe3SOjTcY9HzldKThxQzsTeiYHg5JmjB2bxeg. +
-  Are you sure you want to continue connecting (yes/no)? yes +
- +
-Having confirmed the access key to remote-host, the copy operation will commence: +
- +
-  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed +
-  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys +
-  username@remote-host's password: +
- +
-Type your password to actually start the file copy. +
- +
-  Number of key(s) added: 1 +
-   +
-  Now try logging into the machine, with:   "ssh 'username@remote-host'" +
-  and check to make sure that only the key(s) you wanted were added. +
- +
- +
-=====Login between computers at the Observatory=====+
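Review bot: The removed sentence told users to hit enter at both passphrase prompts, but the replacement prose after the key generation output says nothing about those prompts, so a reader who follows only this section can still create an unprotected key. Since the page now states that these computers all share `/home`, that private key would sit on the shared filesystem next to the `authorized_keys` file that trusts it. Suggest repeating here, as the new intro paragraph does, that a passphrase should be entered when `ssh-keygen` asks for one. For `cat ~/.ssh/id_ecdsa.pub >> ~/.ssh/authorized_keys`, consider adding a line on file permissions (for example `chmod 600 ~/.ssh/authorized_keys`), because sshd with its default StrictModes setting ignores the file when it is writable by group or others, and the removed `ls -ltr` listing was the only place permissions were shown. "Lunix" in the closing sentence should read "Linux", and the new command is indented three spaces and lacks the `$` prompt used for `ssh-keygen` earlier on the page.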
services/2fa/sshkeys.1616411795.txt.gz · Last modified: by deul